Reciprocal addition of attribute fields in access control lists and profiles for femto cell coverage management

ABSTRACT

System(s) and method(s) provide access management to femto cell service through access control list(s) (e.g., white list(s), or black list(s)). White list(s) includes a set of subscriber station(s) identifier numbers, codes, or tokens, and also can include additional fields for femto cell access management based on desired complexity. White list(s) can have associated white list profile(s) therewith to establish logic of femto coverage access based on the white list(s). A mechanism for reciprocal addition of access field attributes in access control lists and white list profiles also is provided. The mechanism allows at least in part for a first subscriber to be added to a configured white list of a second subscriber, when the first subscriber configures a new white list, the second subscriber is reciprocally incorporated in the new white list. Such mechanism can be driven and facilitates generation of associations among groups of subscribers that share specific commonalities.

CROSS-REFERENCE TO RELATED APPLICATION

This application is a continuation of U.S. patent application Ser. No. 12/276,238 entitled “RECIPROCAL ADDITION OF ATTRIBUTE FIELDS IN ACCESS CONTROL LISTS AND PROFILES FOR FEMTO CELL COVERAGE MANAGEMENT,” filed Nov. 21, 2008, which claims the benefit of U.S. Provisional Patent application Ser. No. 61/052,813 entitled “MANAGEMENT OF ACCESS TO FEMTO CELL COVERAGE,” filed on May 13, 2008. The entirety of each of these applications is incorporated by reference herein.

TECHNICAL FIELD

The subject innovation relates to wireless communications and, more particularly, to management of access to femto cell coverage by a subscriber and subscriber stations.

BACKGROUND

Femto cells—building-based wireless access points interfaced with a wired broadband network—are generally deployed to improve indoor wireless coverage provided by a wireless network operator. Femto cells typically operate in licensed portions of the electromagnetic spectrum, and generally offer plug-and-play installation; e.g., automatic configuration of femto access point. Improved indoor coverage includes stronger signal and improved reception (e.g., voice or sound), ease of session or call initiation and session or call retention as well. Coverage of a femto cell, or femto AP, is intended to be confined within the bounds of an indoor compound, in order to mitigate interference among mobile stations covered by a macro cell and terminals covered by the femto AP. Additionally, confined coverage can reduce cross-talk among terminals serviced by disparate, neighboring femto cells as well.

Coverage improvements via femto cells can also mitigate customer attrition as long as a favorable subscriber perception regarding voice coverage and other data services with substantive delay sensitivity is attained. A positive customer experience can depend on adequate access management to femto cell service. Such adequate access management can include configuration procedures of a provisioned femto cell access point deployed in a coverage area. Thus, cumbersome configuration procedures that (i) involve interaction with customer service representatives; (ii) fail to provide versatility and autonomy, with substantially low complexity; or (iii) fail to be directed to a broad spectrum of consumers with various disparate degrees of technological savvy, can hinder femto cell service adoption and thus prevent pervasive dissemination of utilization of home-based and business-based femto access points and exploitation of operational efficiencies thereof.

SUMMARY

The following presents a simplified summary of the innovation in order to provide a basic understanding of some aspects of the invention. This summary is not an extensive overview of the invention. It is intended to neither identify key or critical elements of the invention nor delineate the scope of the invention. Its sole purpose is to present some concepts of the invention in a simplified form as a prelude to the more detailed description that is presented later.

The subject innovation provides system(s) and method(s) to manage access to femto cell service through access control list(s), e.g., white list(s) or black list(s). Such access control list(s) can be configured through various apparatuses and in various modes, e.g., intractively or automatically, which facilitates access management of access to femto cell coverage. White list(s) includes a set of subscriber station(s) identifier numbers, codes or tokens, and can also include additional fields that can contain information respectively associated with communication devices to facilitate femto cell access management based at least in part on desired complexity; for instance, an additional field in a white list can be a logic parameter that determines whether an associated identifier is available for dissemination across disparate white lists. Values of attribute fields that determine white list(s), black list(s), or white list profile(s) can be generated through various sources. Access lists exchange among subscribers that posses provisioned femto access points and elect to share access lists also is provided. In addition, a system that implements reciprocal addition of device identifier attribute fields from subscribers also is provided. In an aspect, a first subscriber is added to a configured white list of a second subscriber, when the first subscriber configures a new white list, the second subscriber is reciprocally incorporated in the new white list. Such reciprocal addition mechanism is termed herein “forward sharing.” In another aspect, “forward sharing” of subscriber facilitates generation of associations among groups of subscribers that share specific commonalities. Various example aspects such as white list(s) management, maintenance and dissemination; automatic population or pre-configuration; and inclusion of wireless device(s) or subscriber(s) are also provided.

To the accomplishment of the foregoing and related ends, the invention, then, comprises the features hereinafter fully described. The following description and the annexed drawings set forth in detail certain illustrative aspects of the invention. However, these aspects are indicative of but a few of the various ways in which the principles of the invention may be employed. Other aspects, advantages and novel features of the invention will become apparent from the following detailed description of the invention when considered in conjunction with the drawings.

BRIEF DESCRIPTION OF DRAWINGS

FIG. 1 a schematic deployment of a macro cell and a femto cell for wireless coverage in accordance with aspects described herein.

FIG. 2 is a block diagram of an example system that facilitates addition of subscriber(s)/subscriber station(s) to one or more white list(s) in accordance with aspects described herein.

FIG. 3 is a block diagram of an example system that manages access control lists and generates related white-list based network(s) in accordance with aspects described herein.

FIG. 4 illustrates a block diagram of an example system that facilitates forward sharing of mobile device identifier attribute fields in accordance with aspects described herein.

FIG. 5 is a block diagram of an example system that assists forward sharing of mobile device identifier attributes among subscribers through a femto access point in accordance to aspects described herein.

FIG. 6 is a block diagram of an example system to share access control list(s), e.g., white list(s), in accordance with aspects described herein.

FIG. 7 is a block diagram of an example system that facilitates communication of a white list among subscribers in accordance with aspects described herein.

FIGS. 8A-8B is a block diagram of an example system that facilitates generation of access control list(s) and white profile list(s) to manage access to femto cell coverage, and example white list, black list and access profile, respectively, in accordance with aspects disclosed herein.

FIGS. 9A-9B illustrate block diagrams of example systems that exploit an access management component to configure or update access control list(s) (e.g., white list(s) or black list(s)) or white list profile(s) according to aspects described herein.

FIG. 10 is a block diagram of an example system that facilitates addition to a white list of mobile device identifier attribute fields on an ad hoc basis in accordance with aspects described herein.

FIG. 11 is a block diagram of an example system that facilitates automatic population of access list(s) (e.g., white list(s) or black list(s)) and generation of white list profile(s) in accordance with aspects described herein.

FIG. 12 is a block diagram of an example system that tracks subscriber station identifier attribute fields associated with access list(s) (e.g., white list(s) or black list(s)) on record with a femto service provider in accordance with aspects of the subject innovation.

FIG. 13 is a flowchart of an example method for updating an access list (e.g., a white list or black list) and a white list profile according to aspects described herein.

FIGS. 14A and 14B present, respectively, flowcharts of example method for updating an access list (e.g., a white list or a black list) and a white list profile according to aspect of the subject innovation.

FIG. 15 is a flowchart of an example method for sharing a white list in accordance with aspects disclosed herein.

FIG. 16 is a flowchart of an example method for exchanging white list(s) and for forward sharing according to aspects described herein.

FIG. 17 presents a flowchart of an example method for configuring privacy setting(s) that establish at least in part privacy policy(ies) according to aspects described herein.

FIG. 18 presents a flowchart of an example method for determining and exploiting network structure of a network of white lists associated with subscriber of femto service and consumer of non-femto service according to aspects described herein.

FIG. 19 is a flowchart of an example method for aggregating a white-list network through forward sharing of device identifier attribute fields, or device number identifier, according to aspects described herein.

FIG. 20 presents a flowchart of an example method for assisted forward sharing according to aspects described herein.

FIG. 21 presents a flowchart of an example method for utilizing an access control list (e.g., a white list or black list) or a white list profile to manage access to femto access point coverage of subscriber stations and subscribers according to aspects described herein.

FIG. 22 presents a flowchart of an example method for managing access of subscribers and subscriber stations to femto cell coverage according to aspects described herein.

FIG. 23 is a block diagram of an example system that manages a defined logic of how content(s) in access control list(s), e.g., white list(s) or black list(s), is maintained on a white list profile retained in a database in accordance with aspects described herein.

FIG. 24 is a block diagram of an example femto access point that operates in accordance with aspects disclosed in the subject specification.

FIG. 25 illustrates example macro and femto wireless network environments that can enable and implement various aspects of the subject innovation, and can exploit femto APs that operate according to the various aspects.

DETAILED DESCRIPTION

The subject innovation is now described with reference to the drawings, wherein like reference numerals are used to refer to like elements throughout. In the following description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the present invention. It may be evident, however, that the present invention may be practiced without these specific details. In other instances, well-known structures and devices are shown in block diagram form in order to facilitate describing the present invention.

As used in this application, the terms “component,” “system,” “platform,” and the like are intended to refer to a computer-related entity or an entity related to an operational machine with one or more specific functionalities. The entities disclosed herein can be either hardware, a combination of hardware and software, software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a server and the server can be a component. One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between two or more computers. Also, these components can execute from various computer readable media having various data structures stored thereon. The components may communicate via local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from one component interacting with another component in a local system, distributed system, and/or across a network such as the Internet with other systems via the signal).

In addition, the term “or” is intended to mean an inclusive “or” rather than an exclusive “or.” That is, unless specified otherwise, or clear from context, “X employs A or B” is intended to mean any of the natural inclusive permutations. That is, if X employs A; X employs B; or X employs both A and B, then “X employs A or B” is satisfied under any of the foregoing instances. Moreover, articles “a” and “an” as used in the subject specification and annexed drawings should generally be construed to mean “one or more” unless specified otherwise or clear from context to be directed to a singular form.

Moreover, terms like “user equipment,” “mobile station,” “mobile,” subscriber station,” “access terminal,” “terminal,” “handset,” and similar terminology, refer to a wireless device utilized by a subscriber or user of a wireless communication service to receive or convey data, control, voice, video, sound, gaming, or substantially any data-stream or signaling-stream. The foregoing terms are utilized interchangeably in the subject specification and related drawings. Likewise, the terms “access point,” “base station,” “Node B,” “evolved Node B,” “home Node B (HNB),” and the like, are utilized interchangeably in the subject application, and refer to a wireless network component or appliance that serves and receives data, control, voice, video, sound, gaming, or substantially any data-stream or signaling-stream from a set of subscriber stations. Data and signaling streams can be packetized or frame-based flows. Furthermore, the terms “access control list” and “access list” are also utilized interchangeably and intend to covey the same meaning unless otherwise explicitly noted.

Furthermore, the terms “user,” “subscriber,” “customer,” “consumer,” “prosumer,” “agent,” and the like are employed interchangeably throughout the subject specification, unless context warrants particular distinction(s) among the terms. It should be appreciated that such terms can refer to human entities or automated components supported through artificial intelligence (e.g., a capacity to make inference based on complex mathematical formalisms) which can provide simulated vision, sound recognition and so forth. As utilized herein, the term “prosumer” indicate the following contractions: professional-consumer and producer-consumer.

Referring to the drawings, FIG. 1 illustrates a schematic wireless environment (e.g., a network) 100 in which a femto cell can exploits various aspects described in the subject specification. In wireless environment 100, area 105 represents a coverage macro cell which is served by base station 110. Macro coverage is generally intended for outdoors locations for servicing mobile wireless devices, like UE 120 _(A), and such coverage is achieved via a wireless link 115. In an aspect, UE 120 can be a 3rd Generation Partnership Project (3GPP) Universal Mobile Telecommunication System (UMTS) mobile phone.

Within macro coverage cell 105, a femto cell 145, served by a femto access point 130, can be deployed. A femto cell typically covers an area 125 that is determined, at least in part, by transmission power allocated to femto AP 130, path loss, shadowing, and so forth. Coverage area typically is spanned by a coverage radius that ranges from 20 to 50 meters. Confined coverage area 145 is generally associated with an indoors area, or a building, which can span about 5000 sq. ft. Generally, femto AP 130 typically services a few (e.g., 1-9) wireless devices (e.g., subscriber station 120 _(B)) within confined coverage area 145. In an aspect, femto AP 130 can integrate seamlessly with substantially any packet switched (PS)-based and circuit switched (CS)-based network; for instance, femto AP 130 can integrate into an existing 3GPP Core via conventional interfaces like Iu-CS, Iu-PS, Gi, Gn. In another aspect, femto AP 130 can exploit high-speed downlink packet access in order to accomplish substantive bitrates. In yet another aspect, femto AP 130 has a LAC (location area code) and RAC (routing area code) that is different than the underlying macro network. These LAC and RAC are used to identify subscriber station location for a variety of reasons, most notably to direct incoming voice and data traffic to appropriate paging transmitters.

As a subscriber station, e.g., UE 120 _(A), leaves macro coverage (e.g., cell 105) and enters femto coverage (e.g., area 125), as illustrated in environment 100, UE 120 _(A) attempts to attach to the femto AP 130 through transmission and reception of attachment signaling, effected via a FL/RL 135; in an aspect, the attachment signaling can include a Location Area Update (LAU) and/or Routing Area Update (RAU). Attachment attempts are a part of procedures to ensure mobility, so voice calls and sessions can continue even after a macro-to-femto transition or vice versa. It is to be noted that UE 120 can be employed seamlessly after either of the foregoing transitions. Femto networks are also designed to serve stationary or slow-moving traffic with reduced signaling loads compared to macro networks. A femto service provider (e.g., an entity that commercializes, deploys, and/or utilizes femto access point 130) is therefore inclined to minimize unnecessary LAU/RAU signaling activity at substantially any opportunity to do so, and through substantially any available means. It is to be noted that substantially any mitigation of unnecessary attachment signaling/control is advantageous for femto cell operation. Conversely, if not successful, UE 120 is generally commanded (through a variety of communication means) to select another LAC/RAC or enter “emergency calls only” mode. It is to be appreciated that this attempt and handling process can occupy significant UE battery, and femto AP capacity and signaling resources as well.

When an attachment attempt is successful, UE 120 is allowed on femto cell 125 and incoming voice and data traffic are paged and routed to the subscriber through the femto AP 130. It is to be noted also that data traffic is typically routed through a backhaul broadband wired network backbone 140 (e.g., optical fiber backbone, twisted-pair line, T1/E1 phone line, digital subscriber line (DSL), or coaxial cable). To this end, femto AP 130 is connected to the broadband backhaul network backbone 140 via a broadband modem (not shown).

It is to be noted that as a femto AP 130 generally relies on a backhaul network backbone 140 for routing and paging, and for packet communication, substantially any quality of service (QoS) can be handled for heterogeneous packetized traffic. Namely, packet flows established for wireless devices (like terminals 120 _(A) and 120 _(B)) served by femto AP 130, and for devices served through the backhaul network pipe 140. It is to be noted that to ensure a positive subscriber experience, or perception, it is important for femto AP 130 to maintain a high level of throughput for traffic (e.g., voice and data) utilized on a mobile device for one or more subscribers while in the presence of external, additional packetized, or broadband, traffic associated with applications (web browsing, data transfer (e.g., content upload), and the like) executed in devices within the femto coverage area (e.g., either area 125 or area 145).

In the subject innovation, described functionality to authorize, permanently or temporarily, or deny or revoke access to specific subscribers, or subscriber station(s), comprise what is herein termed as an access control list(s) (e.g., white list(s) or black list(s))—an instrument for management of access to femto cell coverage. White list(s) can also have an associated white list profile as described hereinafter. In an aspect, access list(s) (e.g., white list(s) or black list(s)) and white list profile(s) can be relational database tables that include a set of one or more fields for each attribute in the tables. It is noted, however, that other table models (e.g., hierarchical, object oriented) can be employed to define access list(s) and white list profile(s). Various attributes can be defined for access list(s); for example, mobile device identifier attribute, which uniquely identifies the mobile device; public or private attribute, which can be an election flag (e.g., opt-in/opt-out flag) that establishes whether mobile device identifier can be shared among disparate access list(s); device technology attribute(s), which provides information on operation capabilities of mobile device(s) includes within white list(s); and so forth. As an illustration, a device identifier attribute in access list(s) (e.g., white list(s) or black list(s)) can support up to N fields (N a positive integer; e.g., N=50) for unique mobile phone numbers (e.g., mobile subscriber number integrated digital services network numbers (MSIDSNs), international mobile subscriber identity numbers (IMSIs)), or any suitable codes (e.g., electronic serial numbers (ESNs), subscriber identity module (SIM) credentials) or tokens that identify a mobile device. Number N of fields can be determined, or configured, by a service operator based at least in part on technical aspects (like network resources, quality of service consideration, macro area of coverage (e.g., metropolitan statistical area (MSA), or rural service area (RSA)) and commercial aspects (such as promotional considerations, mitigation of customer attrition, gains in market share, etc.) of provision of coverage. As an example, N can be subscriber dependent or femto AP dependent; e.g., premium subscriber that consumes substantive volume of data, like prosumers, can have larger N than subscribers that primarily consume voice. It should be appreciated that the magnitude of N can also be determined dynamically, and augmented on a subscriber-need basis within bounds determined by network capacity.

In an aspect of the subject innovation, black list(s) include a single attribute field which uniquely identifies a mobile device, the identified device is denied femto access service. It is noted that while a black list is a realization of an access list, and can be configured by a consumer according to aspects described herein, a black list can be employed as an administrative means to deny femto service under various criteria, e.g., lack of payment for service(s), unlawful utilization of a provisioned femto access point, and so forth. Mobile device identified in a black list can operate in “emergency call” mode only.

With respect to white list profile(s), one or more attributes thereon can be associated with a white list. The one or more attributes establish logic for utilization of femto coverage by mobile stations associated identified through a mobile device identifier attribute in a white list. White list profile(s) attribute(s) and values thereof can establish access privileges to femto coverage. In an aspect, white list profile(s) attribute(s) are related to field values, or records, in white list(s) via primary keys (e.g., a unique mobile device identifier) of the white list(s). As an example, for a mobile station catalogued via a respective identifier numeric attribute (e.g., MSISDN, IMSI) in a white list (e.g., white list(s) 254), service attribute(s) in the white list profile can determine at least one of the following. (1) A category of service (e.g., voice only, data only, voice and data), or a class of service, which determines access to specific applications or services such as scheduler, calendar(s), news streaming, authoring tools, gaming, video and music, etc., that is allowed for the mobile station; (2) quality of service configuration, or customization, for mobile device access to femto coverage, such as guaranteed QoS (e.g., guaranteed packet rate, or guaranteed block error rate) rather than best effort delivery; (3) time span of allowed service for the mobile station such as (i) temporary full access to provisioned femto service(s), e.g., full access for a specific time interval such as days (e.g., a relative is on vacation on a house with a provisioned femto AP) or hours (babysitter is on duty), or (ii) temporary restricted access, which can determine access to selected services only within a window of time in a day (voice and data allowed from 9:00 a-6:00 p, or voice allowed after 9:00 p which can facilitate billing schemes already established by an operator/service provider); (4) telecommunication technology allowed for use in a femto cell when the mobile station supports operation through multiple technologies (e.g., GSM, 3GPP UMTS, 3GPP LTE Advanced . . . ); (5) billing aspects for an identified mobile device; and so on.

In an illustrative aspect of the innovation, access list(s) (e.g., white list(s) 232 or black list(s)) and white list profile(s), or any set of numbers, codes or tokens thereon that comprise a set of mobile phones or mobile devices approved for coverage by femto access point (e.g., femto AP 130), can be portable through accounts or billing groups associated with a set of subscribers to a service operator that administers femto AP 130, or a macro network.

FIG. 2 is a block diagram of an example system 200 that facilitates addition of subscriber(s)/subscriber station(s) to one or more white list(s) 245 in accordance with aspects described herein. In example system 200, a network management component 205 (e.g., a provisioning server) includes an access list management component 210 which is functionally coupled to a subscriber database 225, a data storage 235 and a communication platform 215; the data storage 235 can be a distributed entity. It is noted that access list management component 210 can data-mine, e.g., through data mining component 212, subscriber database 225 and access list(s), e.g., white list(s) 245 which resides in data storage 235, to drive addition of new mobile device identifier attribute field linked to new subscribers, who have opted in to be included in white list(s), to a white list to request reciprocal adding in turn. It is noted that such a drive with reciprocity is termed herein “forward sharing,” which in an aspect is applied to device identifier attribute field(s). It is noted that forward sharing can be applied to substantially any access attribute field within an access list, e.g., a white list or black list, or a white list profile. Accordingly, it should be appreciated that the examples presented herein are illustrative and not limiting.

In an aspect, when a subscriber 260 in account K is identified for forward sharing, or reciprocal addition, based at least in part on privacy policy(ies) 254, and a device identifier number is received from subscriber 260, at a time the subscriber 260 configures his/her femto AP, a white list (WL) configuration request 255 is conveyed (e.g., via a wired or wireless link through communication platform 215) to the subscriber. Such WL configuration request 255, which can be embodied in signaling, can indicate that a disparate subscriber has subscriber 260 white-listed and prompts subscriber 260 to include in his/her white list the disparate subscriber. An illustrative scenario is the following: User 1 adds User 2 to his/her white list. When User 2 configures/activates his/her femto cell, a setup process (implemented, for example, through a web-based online graphic user interface (GUI), or a GUI that is part of an interface component in the provisioned femto cell) will prompt User 2 to add User 1. It is to be noted that access list management component 210 can exploit information in subscriber database 225 and data storage 235 in accordance with privacy policy(ies) 254, to inform User 2 of substantially all subscriber station numbers, codes or tokens, compatible with privacy policy(ies), that he/she can add automatically on a reciprocity basis; namely, User 2 can be prompted to add in related white list(s) those subscribers that have previously added him/her to their with list(s). White list configuration request 255 can be implemented through various interfaces like an online GUI, a real time prompt/alert delivered to a mobile device linked to subscriber 260, or an interface component in a provisioned femto access point, via SMS, MMS, email, instant message, USSD communication, and so forth.

It is noted that in example system 200, a processor (not shown) confer at least in part the functionality of the described components or platforms. Processor can be configured to execute, and can execute, code instructions stored in a memory (not shown), or a memory component thereon, to provide at least a portion of the described functionality. It should be appreciated that the processor can be a centralized element or be distributed among the above referenced components or platforms.

FIG. 3 is a block diagram of an example system 300 that manages access control lists (e.g., white lists or black lists) and generates related white-list based network(s) in accordance with aspects described herein. Access list management component 310, via data mining component 315, can access subscriber database 350 and data storage 360, which retains a set of white lists 362 associated with served subscribers, to associate whitelisted subscribers across disparate access control lists, e.g., white lists. In an aspect, such association can lead to genesis of white-list trees, which can be stored in white-list network records 352. As associations among subscribers and white list(s) 362 develop, access list management component 310 via, for example, format component 335 can implement mechanism(s) to mitigate exponential data growth of white-list network records, and to efficiently store such records, e.g., white-list trees. Format component 335 can provide storage mechanisms such as data-compression (e.g., wavelet, efficient tree representation, or the like), distributed data warehouses, and so forth. Subscriber data base 350 can be maintained by a service operator for femto and macro networks, and can include the white-list network records 352 and privacy policy(ies) 354, which facilitates regulation at least in part of access to subscriber-related information within data storage 360. In an aspect, a security component 325 can enforce privacy policy(ies). It should be appreciated that data storage 360 can be linked to various network platforms (e.g., service network(s), enterprise network(s), local area network(s) . . . ) linked to a mobile network platform operated by the service provider.

Access list management component 310 can deploy a white-list tree in accordance to the following illustrative, non-limiting scenario. (i) User 1 adds User 2 to his/her white list. (ii) User 2 adds User 3 to his/her white list. (iii) Thus, User 1 and User 3 can be associated through white lists. (iv) User 1 and User 3 can match User 4 extant on each other's white lists. (v) User 1 and User 3 can associate User 5 that is on User 4's white list. In an aspect, access list management component 210 effects associations, which establish white-lists network records 252, and manages generated white-list tree(s). It should be appreciated that substantially any association, hierarchical or non-hierarchical, or deployment of white lists (e.g., white list(s) 362) can be implemented by access list management component 210 through information stored in subscriber database 350 and data storage 360. An illustrative, non-limiting, advantage of structured, hierarchical generation of white lists to subscribers is that more subscribers can have access to femto cells to gain wireless coverage enhancement, or have access to added value through unlimited usage on any femto cell or unique services available via a set of femto cells.

In addition, white-list(s) network records 352 can reveal an underlying social network, since additions of device identifier attributes to white-list trees and other complex data structure can be based at least in part on social interaction (e.g., co-workers, classmates, teammates, role playing game partners . . . ) among subscribers linked to device identifier attributes. To reveal, at least in part, social network aspects of white-list records 352, and map a white-list network to legacy social networks (e.g., websites for social interaction and content exchange), access list management component 310 can exploit data mining component 415 to extract data from data storage 360, or substantially any set of databases that contain femto service subscriber intelligence (e.g., commercial information, behavioral information, or background information), to extract data pertinent to subscribers linked to mobile identifier attribute field within white list(s) 362. In addition, such data can be classified into a set of P (a natural number) segments 345 ₁-345 _(P) in accordance to a set of criteria related to social activity. For instance, the set of criteria can include location criteria, consumption pattern criteria, transportation criteria, temporal criteria, or the like.

It should be appreciated that each segment can reveal specific aspects of the social network underlying the white-list network records 352, and each segment includes a set of networks of femto service subscribers. Topology of such networks can provide actionable information with respect to service customization and product commercialization for groups of subscribers within a white-list network.

Alternatively, or in addition, social networking among subscribers can be driven through a set of services provided by a network operator, e.g., multimedia share services, multimedia delivery packages, which can identify individuals that share an interest for a particular service. Such individuals can form white-list record networks through forward sharing as described herein. It should be appreciated that forward sharing incorporates substantially any subscriber of a wireless service, without a need for the subscriber to posses a femto access point, since a device identifier attribute field associated with the subscriber is initially retained in a white list of femto service subscriber, or femto subscriber. Thus, connections can be forged among various types of subscribers through forward sharing a white list.

In accordance with an aspect of the subject innovation, data mining component 315 can utilize artificial intelligence (AI) methods to infer (e.g., reason and draw a conclusion based at least in part on a set of metrics, arguments, or known outcomes in controlled scenarios) a set of segments 345 ₁-345 _(P) based on a predetermined criteria. Artificial intelligence techniques typically can apply advanced mathematical algorithms—e.g., decision trees, neural networks, regression analysis, principal component analysis (PCA) for feature and pattern extraction, cluster analysis, genetic algorithm, and reinforced learning—to historic and/or current data associated with mobile devices served by a mobile network platform at the macro or femto level to facilitate rendering an inference(s) related to the mobile devices.

In particular, data mining component 315 can employ one of numerous methodologies for learning from data, e.g., machine learning methods, and then drawing inferences from the models so constructed, e.g., Hidden Markov Models (HMMs) and related prototypical dependency models. General probabilistic graphical models, such as Dempster-Shafer networks and Bayesian networks like those created by structure search using a Bayesian model score or approximation can also be utilized. In addition, linear classifiers, such as support vector machines (SVMs), non-linear classifiers like methods referred to as “neural network” methodologies, fuzzy logic methodologies can also be employed. Moreover, game theoretic models (e.g., game trees, game matrices, pure and mixed strategies, utility algorithms, Nash equilibria, evolutionary game theory, etc.) and other approaches that perform data fusion, etc., can be exploited in accordance with implementing various automated aspects described herein.

It is noted that in example system 300, a processor (not shown) confer at least in part the functionality of the described components. Processor can be configured to execute, and can execute, code instructions stored in a memory (not shown), or a memory component thereon, to provide at least a portion of the described functionality. It should be appreciated that the processor can be a centralized element or be distributed among the above referenced components.

In addition, example system 300 can track subscriber station identifier numbers (e.g., MSISDNs, IMSIs), codes or tokens, associated with white list(s) 362 on record with a femto service provider. It should be appreciated that as white-list network records proliferate, access list management component 310 can validate white list(s) 362, stored in data storage 360, against current subscriber accounts for femto service and associated subscriber station identifier numbers (e.g., MSISDNs, IMSIs), codes, or tokens, for a service provider. In particular, when a subscriber, or end user, cancels an account with service provider, white list(s) 462 can be updated according to information retrieved from subscriber database 450, which is updated as a result of the cancelled subscription, or substantially any other database available to a service provider that contains information on service subscribers. In addition, when an end user changes their mobile or subscriber station number, code or token, (e.g., after relocation to a new area code, or the like) substantially all white list(s) 362 that the mobile or subscriber station number, code or token is associated with can automatically be updated by access list management component 210.

An illustrative advantage of such automatic update of white list(s) 362 is ease of use for end users to maintain current white list(s) 362 without a need to keep track of each subscriber station number, code, or token associated with the white list(s) 362. In addition, updated white list(s) 362 maintains the value proposition of the femto cells for end users and service operator by a seamless move of traffic off of the macro network (e.g., a WAN) to femto network(s).

FIG. 4 illustrates a block diagram of an example system 400 that facilitates forward sharing of mobile device identifier attribute fields in accordance with aspects described herein. Access list management component 425 can prompt subscriber 410, associated with a service provider account L, to elect for inclusion of a device identifier number the uniquely identifies a device the subscriber operates. It is noted that subscriber 410 need not have access to a femto service account. It is noted that service provider operates a mobile network platform that provides macro service and femto service. Security component 445 can ensure that privacy policy(ies) 254 allows access management list to prompt subscriber 410. Signaling 415 can be embodied in low-level communications among access list management component 445 and a wireless device operated by subscriber 410; for instance, signaling 415 can include a multi-bit word conveyed in a control channel or a management frame, a set of reserved bits in a data packet, etc. Alternatively, or in addition, signaling 415 can be embodied in a SMS communication, a MMS communication, an email message, an instant message, a USDD communication, or the like. In a scenario in which subscriber 410 elects to be included, or flagged, within privacy policy(ies) 254 for forward sharing of one or more device identifier numbers of the subscriber 410, access list management component 425 can disclose, or expose, subscriber 410 to a set of Q (a natural number) subscribers 435 ₁-435 _(Q) with configured access lists, e.g., white lists, for forward sharing. In an aspect, subscriber 410 is disclosed through signaling 415. As subscribers 435 ₁-435 _(Q) add the mobile identifier attribute field(s) to their white lists, format component 450 can receive an indication form access management component 425 to update records within white-list network records 252. When subscriber 410 acquires femto service, and provisions a femto access point (e.g., femto AP 130), subscriber 410 can be prompted to reciprocate inclusion of mobile identifier numbers that were entered in white lists of one or more of subscribers 435 ₁-435 _(Q). In an aspect, subscriber 410 can be prompted to reciprocate through various mechanisms, such as email communication, SMS communication, instant message communication, configuration procedure via an interface component (e.g., a web-based GUI, a voice-based interface, a touch-based interface . . . ) that can be part of a femto access point to be configured, or a secondary apparatus (e.g., a personal computer) employed to configure the femto access point.

It is noted that in example system 400, a processor (not shown) confer at least in part the functionality of the described components or platforms. Processor can be configured to execute, and can execute, code instructions stored in a memory (not shown), or a memory component thereon, to provide at least a portion of the described functionality. It should be appreciated that the processor can be a centralized element or be distributed among the above referenced components or platforms.

FIG. 5 is a block diagram of an example system 500 that assists forward sharing of mobile device identifier attributes among subscribers through a femto access point in accordance to aspects described herein. Access management component 545, trough an access management component 547, can exchange signaling 515 with a set of Q (Q a natural number) subscribers 535 ₁-535 _(Q) in proximity with the access point 130 that facilitates inclusion of the subscribers in white list(s) 568. In an aspect, subscribers 535 ₁-535 _(Q) can be provided a default white list profile 573 that affords basic services such as voice and data within a best effort QoS. It is noted that, in an aspect, the Q subscribers 535 ₁-535 _(Q) exploit macro wireless service provided by a service provider that operates femto access point 130; thus, when in close proximity with femto access point 130, wireless devices operated by the subscribers 535 ₁-535 _(Q) can register with the femto AP 130 and be entered in white list(s) 568. When subscribers 535 ₁-535 _(Q) are served via femto AP 130, through communication platform 550 which includes telecommunication antennas and associated circuitry to facilitate wireless communication, access list management component 545 can prompt each subscriber in the set of subscribers 535 ₁-535 _(Q) to accept inclusion in white list(s) 568 and receive femto coverage; it is noted that a subset of one or more subscribers in the set of subscribers 535 ₁-535 _(Q) may not subscribe to femto service, while another subset may subscribe to femto coverage via femto access points disparate form femto AP 130. In such scenario, access management component 545 prompts subscribers 535 ₁-535 _(Q) to download over-the-air an application to interact with other subscribers within the area of femto coverage (e.g., area 125) spanned by femto access point 130; prompting can be provided through signaling 515 and embodied in one or more of a SMS message, an email message, a MMS message, or the like. Content(s) 527 related to the downloaded application can be served via a server(s) 515 within mobile network platform 505. Subscribers 535 ₁-535 _(Q) can elect to download the application and interact with other subscriber that elected to engage in utilization of the application.

In an aspect, to assist forward sharing of device identifier attribute fields, the application can expose those subscribers that have elected to be included in one or more white lists. Election to be included in one or more white lists can be a response to a prompt indicated through signaling 515. Additionally, access list management component 545 can receive network signaling 525 that indicates a group of the set of subscribers that opted to download the application who has femto service subscription(s). In another aspect, access management component 545 can incent such group to include non-femto subscribers through monetized content(s) such free voice minutes, ringtones, songs and video clips, add-on applications, or the like. Accordingly, forward sharing is promoted through femto coverage in at least two manners: (i) Social interaction among subscribers who elected to accept femto coverage and download the application, which can be free of charge since wireless service is provided via femto access point 130, the social interaction can develop interest in subscribers that desire to be included in one or more white lists. (ii) Exposure of subscribers that are interested to be included in a white list, and stimulus of subscribers that have configured white list(s). It is to be noted that when femto access point serves a commercial spot, subscribers can increase patron traffic with the ensuing potential for increased revenue. Moreover, utilization of femto access point 130 can offload over-the-air resources of mobile network, which is desirable. Thus, promotion of forward sharing through a commercial femto access point can be a confluence of commercial advantages for subscriber, owner of femto access point, and service provider. It should be appreciated that commercial value of forward sharing supported through access point 130 can be enhanced by pushing coupons and advertisement directly related to the commercial venue that owns or administers femto AP 130; for instance, in a bookstore, subscribers that interact through the downloaded social networking application can be presented with coupons for drinks, light appetizers, books, compact discs, etc.

FIG. 6 is a block diagram of an example system 600 to share access control list(s), e.g., white list(s) 620, among subscribers of a wireless network service in order to provide straightforward access configuration to, and activation of, a femto cell (e.g., femto AP 130) among femto cell subscribers. Subscribers can belong to disparate or same service accounts with either a macro service provider or femto provider, or both. For example, subscribers that share white list(s) 620 can pertain to a group or family associated with a single service account. In example system 600, subscriber A 610 who belongs to account K conveys white list(s) 620 over network 645, via a wired or wireless link 625, to subscriber B 630 who belongs to account J. Subscriber A 610 can hide or eliminate specific mobile device identifier attribute fields, e.g., subscriber station numbers, from white list(s) 620 that is granted to, or shared with, other subscribers. In an aspect, security component 640 can facilitate edition of white list(s) 620 based at least in part on privacy policy(ies) for dissemination of white list(s) associated with a subscriber that shares a white list. It should be appreciated that the granting of subscriber station numbers (e.g., MSISDNs, IMSIs . . . ), codes or tokens can substantially reduce the amount of time to configure, or set up a white list, as opposed to manually re-entering multiple (e.g., up to 50 numbers, codes or tokens) across multiple femto cells.

As indicated above, security component 640, or authorization layer, can ensure that unauthorized mobile subscriber numbers (e.g., MSISDNs, IMSIs . . . ), codes or tokens, are not provided when not approved by end users. In an aspect, security component 640 can generate election flags that reflect whether a mobile station can be added to a white list that is disseminated to subscribers other than (i) an originator subscriber, e.g., subscriber that is the source of the white list, or access list, or (ii) subscribers linked to a telecommunication service account owned by the originator subscriber. Such election flags can be retained in privacy policy(ies) 652. It should be appreciated that election flags can originate at least in part in privacy attribute field(s) in a white list that is shared; the privacy attribute field(s) entered by a subscriber that shares (e.g., submits) a white list. The aforementioned approval can be determined via privacy policy(ies) 652 associated with the end user, or subscriber linked to a mobile device, which can be stored in a subscriber database 650. The privacy policy can be configured/updated through various means like web-based interfaces, call center, text-message center, USSD messaging server, and so on; and can be received by security component 640 through signaling 612, retained in a subscriber database, and linked to a subscriber that establishes the privacy policy. Security component 640 ensures privacy integrity when white list(s) 620 are shared among subscribers of different accounts (e.g., J≠K). In an illustrative aspect, security component 640 can solicit or prompt, through signaling 642, subscribers outside a “white-list share” originating account (e.g., account K associated with subscriber A 610) to grant the authority for their subscriber station identifier number, code or token to be shared through white list(s) 620. Additionally, security component 640 can prompt subscriber(s) to configure privacy settings that determine, at least in part, privacy policy(ies) 652; for instance, security component can prompt a subscriber to elect to share access lists, e.g., white lists, or reciprocate a received access list (e.g., white list) upon reception of a white list form another subscriber. To the latter end, security component 640 can resort to various mechanisms to deliver signaling 642, which include, but are not limited to including, a short message service (SMS) communication, a multimedia message service (MMS) communication, instant message (IM) communication, email, voice mail, web pop up, and so on. Subscriber that receives a prompt can indicate a response through signaling as well, e.g., subscriber A 610 can convey signaling 612, while subscriber B 630 can convey signaling 632. Alternatively, or in addition, security component 1440 can mitigate security mechanism(s) complexity through validation via subscriber account information such as election (e.g., opt-in/opt-out) flags (e.g., stored in subscriber database 650 within a subscriber's white list(s) 654 or privacy policy(ies) 652) in order to grant automatic access to white list(s) within groups or families underneath a single service account, without additional security verification.

It is noted that in example system 600, a processor (not shown) confer at least in part the functionality of the described components or network. Processor can be configured to execute, and can execute, code instructions stored in a memory (not shown), or a memory component thereon, to provide at least a portion of the described functionality. It should be appreciated that the processor can be a centralized element or be distributed among the above referenced components, or network.

FIG. 7 is a block diagram of an example system 700 that facilitates communication of a white list among subscribers in accordance with aspects described herein. Subscriber A 705 utilizes interface component 710 to convey information, e.g., signaling 612, related to communication of white list(s) 620 to a subscriber B 630. It is noted that interface component 710 can be a part of one of various apparatuses such as a mobile device or a femto access point, or can reside at least in part in a service network (e.g., a non-mobile network platform such as a broadband internet service provider) or a mobile network platform 720. In example system 700, signaling 612 and white list(s) 620 are conveyed through a network link 625, which can be wired or wireless, to mobile network platform 720, wherein an access list management component 725, which is functionally coupled to security component 640, receives white list(s) 654. Access management component 755 also can convey, via backhaul link 140, a processed version of received white list(s) 620, e.g., white list 748, to an intended femto access point 130 provisioned to subscriber B 630. In an aspect, security component 640 processes received white list(s) 620 to ensure authorized identifier attribute fields in white list(s) 620 are delivered. Thus, processed white list 748 can include mobile device identifiers in accordance at least in part with privacy policy(ies) 652. Received white list(s) 620 and a copy of conveyed white list(s) 748 can be retained within data storage 740 in a memory element(s) white list(s) 745. In an aspect, data storage includes secure data storage which can be secured through security component. It is noted that data storage 740 can be a distributed entity, with portions thereof within a master database for mobile network platform 720 and portions within a femto network platform gateway node; it should be appreciated that subscriber database 650 also can be a portion of the master database for mobile network platform 720.

In femto access point 130, associated with, or provisioned to, subscriber B 630 who belongs to account J, communication platform 757 can receive shared white list(s) 748, and convey the received white list(s) 748 to access management component 755 which can administer femto coverage in accordance with access list(s) (e.g., white list(s) 748 or black list(s) 751) or white list profile(s) 753, and various additional aspects described hereinafter. In addition, access management component 755 can include an interface component 745, which can facilitate subscriber B 630 to convey signaling 749 in response to prompts conveyed by security component 735 and related to operation aspects of white list(s) dissemination. Received white list(s) 748 are retained in local data storage 759.

It is noted that in example system 700, a processor (not shown) confer at least in part the functionality of the described components or platforms. Processor can be configured to execute, and can execute, code instructions stored in a memory (not shown), or a memory component thereon, to provide at least a portion of the described functionality. It should be appreciated that the processor can be a centralized element or be distributed among the above referenced components or platforms.

FIG. 8 is a block diagram of an example system 800 that facilitates selection of subscribers, and mobile devices linked thereto, through an initial configuration or update, to access coverage from a femto cell, or femto access point; selection can enable or disable coverage for specific subscriber(s) link to specific subscriber station(s). In connection with authorization for access to femto cell coverage, example system 800 facilitates generation of a white list profile which includes parameters that control, or facilitate access logic to, femto cell coverage as provided (e.g., granted or denied) through access control list(s) (e.g., white list(s) or black list(s)). Moreover, example system 800 can retain access list(s) (e.g., white list(s) or black list(s)), or white list profile(s), and aggregate such access list(s) and white list profile(s).

Access field(s) associated with access list(s) (e.g., white list(s) or black list(s)) attribute(s) and white list profile(s) attribute(s) can be populated with content(s) received through a set of access field indication(s) 805, which is linked to a set of mobile devices and intended for at least one of access list(s) or white list profile(s). Access field indication(s) can be received from various apparatuses or sources such as a mobile device or a server in a network (e.g., a service network linked to a mobile network platform), and can be embodied in a short message service (SMS) communication, a multimedia service (MMS) communication, an email communication, instant message (IM) communication, an unstructured supplementary service data (USSD) message, or the like. In addition, access field indication(s) 805 can be embodied in lower level signaling such as a set of one or more bits in packet header or in control frames; packets can adopt various formats like, internet protocol (IP), frame relay, or asynchronous transfer mode (ATM). Access field indication(s) 805 can be processed by server(s) 850 that can provide the various services (e.g., email service) that facilitate the embodiments of access field indication(s). For example, a server(s) 850 can be embodied in an email server that administers an email account like towhitelist@provider.domain.com through which a subscriber can convey access field content(s), e.g., a mobile device identifier number, for a white list associated with the subscriber. The email server can extract received access field content(s) for inclusion in access control list(s) (e.g., white list(s) or black list(s)) or white list profile(s).

In addition to access field indication(s) 805, access list management component 810 can receive signaling 807, which can convey directive(s) to remove or add content(s) of access field(s) within an access list (e.g., a white list or black) or within a white list profile. In an aspect, signaling 807 can be received from various apparatuses or sources such as a mobile device or a server in a network (e.g., a service network linked to a mobile network platform), and can be embodied in a SMS communication, a MMS communication, an email communication, IM communication, a USSD message, or the like. In addition, signaling 807 can be embodied in lower level signaling such as a set of one or more bits in packet header or in control frames.

In example system 800, validation component 812 can ensure integrity of data, e.g., content(s) identified through received access field indication(s) 805, related to access list(s) (e.g., white list(s) 832 or black list(s) 836) and white list profile(s) 834; access list management component 810 can receive access field indication(s) 805. In an aspect, validation component can validate (e.g., either accept or reject) a mobile device identifier attribute through one or more check procedures that rely on a set of criteria applied to the received access field indication(s) 805 of the identifier attribute value. At least one of data mining component 816 or tracker component 818 can assist with validation of field content(s) received through access field indication(s) 805. For example, tracker component 818 can monitor changes (e.g., updates) to subscribed service and identifier numbers for served subscribers, while data mining component 816 can gather information related to one or more criterion on the set of criteria, through networked access to subscriber database 840, or substantially any, or any, other database or data storage 830 accessible to a mobile network that facilitates coverage through a femto access point (e.g., femto AP 130) or a macro cell base station. It is noted that data exchange among access data mining component 818 and accessible databases can proceed securely; security mechanism(s) can be provided, in an aspect, by security component 820. The set of criteria can include at least one of the following. (i) Valid mobile device identifier (e.g., wireless device numbers such as MSISDNs, codes or tokens). (ii) Active mobile device identifier, or identifier flagged for update; e.g., received access field indication(s) 805 conveys an identifier field that corresponds to an old phone number that is to be updated to a current number. (iii) Status of election (e.g., opt in) or non-election (e.g., opt out) flags for inclusion in a white list, wherein status is conveyed, for example, via a K-bit word (K is a natural number) within an entry for the mobile device in a subscriber database. (iv) Operational capabilities of the mobile device (e.g., wireless technology utilized by the device such as 2G, 3G, or 4G technologies, radio frequency bands in which the mobile device can receive communications . . . ). (v) commercial standing (e.g., good standing or outstanding bill payments, hotlined mobile device in view of recurring lack of timely payments for service, stolen device . . . ); or the like.

Access list management component 810 can generate at least one of access list(s) (e.g., white list(s) 832 or black list(s) 836) or white list profile(s) 834 based at least in part on valid received access field indication(s) 805. Generated access list(s), e.g., white list(s) 832 or black list(s) 836, and generated white list profile(s) 834 can be retained in data storage 830. It should be appreciated that data storage 830 can be deployed at least in part within a service provider network platform (e.g., macro network platform or femto network platform) that exploits access list management component 810, or in network(s) external to the service provider network platform such as non-mobile network platform(s) (e.g., broadband internet service provider, enhanced 911 service, billing platforms, multimedia services . . . ). Alternatively, or in addition, access list(s) or white list profile(s) can be stored in a subscriber database which is typically linked to the service provider network platform.

Example white list 260 and a realization 290, black list 270, and white list profile 280 are presented in FIG. 8B. Example white list 260 includes two access field attributes: DeviceID, which uniquely identifies a device, and OptInFlag which indicates whether a specific device has opted in for dissemination, or inclusion, in disparate white lists; realization 290 of example white list 260 illustrates T (a natural number) access fields populated with MSISDN 1-T for access field attribute DevicelD, and character type access fields for access field attribute OptIn. Example black list 280 includes a single access field attribute DeviceID, while example WhiteListProfile 280 includes five access field attributes: SrvCodeID, a unique identifier for a service profile given by the 4-tuples in the profile; DeviceID which is a foreign key that identifies a device for which service profile code applies; a QoSCat attribute, e.g., conversational; a BndWCat attribute that determines how much bandwidth device identified through DeviceID is allotted; and TimeCat attribute which indicates a time interval during which the attributes are granted.

Access list management component 810, through format component 814, can format access list(s) (e.g., white list(s) 832 or black list(s) 836) or white list profile(s) 834 in accordance with various schemas, such as hypertext markup language (HTML) and extensible markup language (XML) and variants (e.g., state chart XML (SCXML)), that are portable among computing platforms, wireless (e.g., a portable computer or mobile device) or otherwise, and object-oriented computing languages employed by a wireless device such as Delphi, Visual Basic, Python, Perl, Java, C++, and C#, and circuitry programming level languages such as Verilog. Such portability can facilitate straightforward exchange of access list(s) (e.g., white list(s) or black list(s)) among subscribers and related billing groups of a service provider. Extensibility afforded by such formats can facilitate aggregation of access lists (e.g., white lists) and extraction of at least portions thereof, in web-based applications web-based commerce (ecommerce) systems, blogs, peer-to-peer exchange web applications, social networking websites, or the like; it should be appreciated that aggregation and extraction of access lists (e.g., white lists) can be conducted, through at least one of data mining component 816 or validation component 812 in access list management component 810, as a part of access list(s) (e.g., white list(s) or black list(s)) administration at the network level. Additionally, format component 814 can compress (e.g., via non-lossy wavelet-based compression) or index aggregated access list(s) (e.g., white list(s) 832 or black list(s) 836) for efficient storage. Moreover, format component 814 can commit an identifier to an access list (e.g., white list(s) 832) in a network native format (e.g., full-length digit for a MSISDN or IMSI), or via unique identifier code numbers for the device (e.g., electronic serial number (ESN), international mobile equipment identity (IMEI), or mobile equipment identification (MEID)). It is noted that subscribers are not generally exposed to such formats. It should be appreciated that a white list and a white list profile can be merged into a single component or entity.

Access management component 810 conveys, via broadband backhaul pipe 140, at least one of generated white list 842, white list profile 844, or black list 846. It should be appreciated that when no access field indication(s) 805 are received, access list management component 810 can convey a default white list 842 with an identifier attribute populated with identifier fields for substantially all, or all, wireless devices provisioned to a subscriber that acquires femto cell service. It should be appreciated that access list management component 210 can reside within a femto access point (e.g., femto AP 130), e.g., within access management component 355. In such a scenario access management component 210 can convey at least one of generated white list 242, white list profile 244, or black list 246 to a memory within the femto access point.

Generation of access list(s) (e.g., white list(s) 832 or black list(s) 836) and white list profile(s) 834 as described in connection with aspects and features of example system 800, provides at least the following three illustrative advantages. (1) Security against devices attempting to hack into the femto AP when networked with it, and support of extensible sharing/networking of the authorization scheme; e.g., white list(s) can be shared. (2) Capacity to determine and customize quality of service (QoS), grade of service, or service experience, for specific authorized subscribers; in an aspect, such capacity enabled or provided via utilization of white list profile(s) 834. (3) Capacity to ensure integrity of data related to access list(s) (e.g., white list(s) 832 or black list(s) 836) and white list profile(s) 834.

It is noted that in example system 800, processor 822 confers at least in part the described functionality of access list management component 810 and components therein. Processor 822 can be configured to execute code instructions stored in a memory (not shown), or a memory component thereon, to provide at least a portion of the described functionality. It should be appreciated that the processor can be a centralized element or be distributed among the above referenced components, server, and platform.

Various illustrative aspects of the subject innovation based at least in part on an access control list(s) (e.g. white list(s) or black list(s)) concept are discussed next. It is to be noted that variations and extensions of such illustrative aspects are possible and are within the scope of the subject innovation.

FIGS. 9A-9B illustrate block diagrams of example systems that exploit an access management component to configure or update access control list(s) (e.g., white list(s) or black list(s)) or white list profile(s) according to aspects described herein. In example system 900, mobile device(s) 905 generates and delivers one or more access field indication(s) 805. It should be appreciated that mobile device 905 need not be served, even though it can be served, through femto service to deliver access field indication(s) 805; for instance, such indication(s) can be conveyed out-of-network (e.g., via a visited network or roaming network). In an aspect, field generation component 915 can generate a set of one or more access field indication(s) 805. As described above, access field indication(s) 805 can convey field content(s) for access list(s) attributes or white list profile attribute(s). In addition, mobile device(s) 905 can convey signaling 925 in conjunction with access field indication(s) 805 in order to manipulate access control list(s) (e.g., white list(s) or black list(s)) or white list profile(s), wherein manipulation includes at least one of removal of specific attribute fields, or update of an attribute field. It is noted that removal or update can be effected in one or more access control list(s) or white list profile(s) as indicated in received signaling 925. It is noted that mobile device(s) 905 also can exchange signaling 925 with access list management component 810 to receive authorization to convey access field indication(s) 805; security component 820 can implement, at least in part, secure communication (e.g., password protection, encryption, or the like).

In an aspect, conveyed content(s) can provide a new identifier attribute field for mobile device in order to update a white list 842 associated with a subscriber that operates mobile device(s) 905. As an example, an individual can remotely provide access to femto coverage to a home appliance with wireless capability in order for a technician who services the appliance be able to run diagnostics for the appliance in a remote server and exploit the substantive broadband bandwidth of backhaul backbone that connects the femto AP to a mobile network platform.

In another aspect, access field indication(s) 805 delivered through device(s) 905 can include an updated service attribute field for a white list profile 844 to update the access logic for a mobile device identified in a white list 842 associated with a subscriber that has access to a femto access point. As an example, a trusted visitor in a home (e.g., a grandparent taking care of grandchildren during after-school hours) can be added from a remote location (e.g., workplace) to white list 842 in a temporary session with full privileges to access femto service in the home.

In addition, mobile device 905 can send signaling 925 to request add-on services associated with a device identifier attribute field in a white list 842. Such add-on service can be supported at least in part through server(s) 850. As illustrative, non-limiting scenarios, add-on services can include usage monitoring, configuration of alarms when specific usage of femto service is effected, e.g., a multi-hour download of age inappropriate content(s), chat sessions with sources of unknown reputation, call activity logs, or the like. It should be appreciated that one or more add-on services abide by privacy settings (not shown) associated with the add-on service; validation component 812 can enforce such privacy settings.

With respect to FIG. 9B, example system 930 facilitates manipulation of access list(s), e.g., black list(s) 941, white list(s) 943, and white list profile(s) 945 in accordance with aspects described herein. Interface component 935 facilitates configuration, or setup, of white list(s) 943, and white list profile(s) 945 of wireless mobile station numbers approved for coverage through femto access point 130. It is to be noted that substantially any identification token(s), label(s), or code(s) that identify a subscriber station can be employed as identifier attribute field(s) in white list(s). In addition, interface component 935 can facilitate configuration of black list(s) 941 and white list profile(s) 945.

Through field generation component 938, interface component 935 facilitates generation of access field indication(s) which are conveyed, via network link(s) 947, for example, to access list management component 810. It is noted that network link(s) 947 can be embodied in a Gi reference link. As discussed above in connection with FIG. 8A, access list management component 810 can generate access list(s) (e.g., white list(s) or black list(s)) and white list profile(s), which are conveyed to interface component 935. In an aspect, field generation component 938 can receive through interface component 935 one or more values for various attribute fields that define an access list(s) (e.g., black list(s) 941 or white list(s) 943) or white list profile(s) 945. It is noted that interface component 935 can convey attribute fields that are include in the access list(s) or white list profile(s), in order to prompt entry of values for attribute fields (e.g., a mobile device identifier such as a 10-digit mobile directory number, a MSISDN number, an IMSI number, a flag to opt-in/opt-out of inclusion of white list(s), a value that allows specific service categories . . . ).

In example system 930, interface component 935 is networked (e.g., via a wide area network (WAN), local area network (LAN), or backhaul pipe like backhaul network backbone 140) with femto AP 130 and conveys black list(s) 941, white list(s) 943, or white list profile(s) 945 over network link(s) 947. In an aspect, interface component 935 can connect to femto AP 130 via secure login (e.g., virtual private network, secure file transfer, secure copy . . . ) supported at least in part by network 950. It is noted that network 950 can include one or more networks that facilitate at least in part operation of interface component 935 and communication with femto access point; for example network 950 can include non-mobile broadband internet service provider, local area network, or a mobile network platform (e.g., a core network in a cellular telecommunication environment).

In an aspect, interface component 810 can be a web-based, online graphic user interface (GUI); however, other networked interfaces that facilitate to enter, or configure, white list(s) are possible; for instance, voice or sound commanded interface(s), touch commanded interface(s), biometric commanded interfaces(s), and the like. It is noted that all possible embodiments can include field generation component 938, which can expose an operator that interacts with interface component 935 to prompts and other indicia or gestures to gather values for attribute fields for black list(s) 941, white list(s) 943, or white list profile(s) 945. In example scenarios, it should be appreciated that biometric commanded interface(s) can be employed in environment(s) wherein addition(s) to white list(s) 943 or black list(s) 941, or white list profile(s) 945 is controlled by authorized personnel with specific clearances to add/remove attribute fields, since communication can be classified.

Additionally, in example system 930, a communication platform 957 in femto access point 130 facilitates reception of at least one of black list(s) 941, white list(s) 943, or white list profile(s) 945, and conveys the received at least one of black list(s) 941, white list(s) 943, or white list profile(s) 945 to an access management component 955 that can exploit the received access list(s) (e.g., white list(s) 943) to manage access (e.g., grant, deny, or adjust or modulate) to coverage provided by femto AP 130. The received at least one of black list(s) 941, white list(s) 943 or white list profile(s) 945 can be stored in data storage 959 in the femto AP 130; even though white list(s) 943 and white list profile(s) 945 can be stored in disparate network components like a network component (e.g., subscriber database 240 or data storage 230) administered by a service operator. In addition, interface component 935 can access a subscriber database 240 through network 950, in order to extract identification numbers or identifiers, codes, tokens, or labels for subscribers/subscriber stations that can be entered in a access list(s) (e.g., black list(s) 941, white list(s) 943) or white list profile(s) 945.

It is noted that in example systems 900 and 930, respective processors (not shown) confer at least in part the functionality of the described components and platform(s). Processor(s) can be configured to execute code instructions stored in a memory (not shown), or a memory component thereon, to provide at least a portion of the described functionality. It should be appreciated that the processor can be a centralized element or be distributed among the above referenced components, server, and platform.

In contrast to management of access authorization via femto access point 130, configuration (e.g., setup or update) of access list(s) (e.g., black list(s) 941, white list(s) 943 (registration authorization for femto coverage)) and white list profile(s) 945 through network mechanisms (e.g., interface component 210) provides at least the following advantages. It is to be noted that the following advantages are illustrative and not limiting, as other advantages associated with white list(s) 220 are possible and are intended to lay within the scope of the innovation(s) as described in the subject specification. (1) Access through a networked interface (online or otherwise) reduces provisioning lead time and provides a means for customers to update and personalize femto AP autonomously (e.g., free of interaction with technical support entities) at substantially any time. (2) Security against devices attempting to hack into the femto AP when networked with it, and support of extensible sharing/networking of the authorization scheme; e.g., white list(s) can be shared. (3) Networked interface (online or otherwise) provides a superior, rich customer experience substantially free of requirement(s) to understand/interpret femto AP programming interface or configuration nomenclature. (4) End user(s) can manage (e.g., remove select covered numbers, or add additional numbers for coverage up to an allotted amount (e.g., upper bound N) for white list(s) associated with the user. (5) Capacity to determine and customize quality of service (QoS), grade of service, or service experience, for specific authorized subscribers; in an aspect, such capacity enabled or provided via utilization of white list profile(s) 234. (6) Capacity to ensure integrity of data related to access list(s) (e.g., white list(s) 832 or black list(s) 836) and white list profile(s) 834.

FIG. 10 is a block diagram of an example system 1000 that facilitates addition to a white list of mobile device identifier attribute fields on an ad hoc basis in accordance with aspects described herein. In example system 1000, device(s) 1010 can convey, e.g., through signaling, a request or query 1015 to access coverage of femto AP 130; query 1015 can be delivered in a control channel when femto AP 130 operates in wireless broadband mode or in a management frame or packet when in-band operation of femto AP 130 is implemented. It should be appreciated that a multi-mode chipset can operate, at least in part, communication platform 957 in order for it to receive and convey signal in various telecommunication mode(s). Query 1015 can be received by communication platform 957, and access management component 955 can be configured to allow or reject the request; allowance of rejection of a request can be based on various metrics, such as security, type of device, profile of subscriber linked to the device that requests access, and so on. Configuration to allow or reject the request includes exchange of network signaling 1025 in order to access relevant information associated with mobile device 1010. In an aspect, access management component 1020, which can operate in substantially the same manner as access list management component 810, can facilitate validation of requester device(s) 1010 based upon the aforementioned metrics.

Upon allowance of a request (e.g., query 1015), access management component 955 can query for available slots, or attribute fields, to be filled in white list(s) 943 associated with account(s) served by femto AP 130. When memory space necessary to include an identifier attribute field value is available for a subscriber station identifier number (e.g., MSISDN, IMSI, ESN, IMEI), code or token, query 1015 can further probe whether access is allowed on a permanent, or temporary basis (e.g., to reduce risk exposure to security problems). Characteristics of femto coverage allowance can be set or pre-set through access management component 955 through determination of white list(s) 943 and associated white list profile(s) 945. In an aspect, white list profile(s) 945 can dictate access privilege(s) for an allowed requester mobile device 1010 in accordance with default attribute field values in white list profile(s) 945, which can be configured through access list management component 1020 at a time femto access point 130 is provisioned. As an example, a default white list profile can allow limited service (e.g., only voice) to requester device(s) 1010, or it can customize attribute fields in the default white list profile based at least in part on information gathered in connection with requester device(s) 1010. Subsequent to allowance and examination of information related to relevant white list(s) 943, access management component 955 updates white list(s) 943, and related white list profile(s) 945, stored in data storage 959, to reflect the approved request for femto coverage. Upon an identifier for requester device(s) 1010 is entered in white list(s) 943, an acknowledgment (ACK) 1017 is delivered to device(s) 1010 to indicate addition to white list(s) 943 and femto service privileges accorded via white list profile(s) 945. It is to be noted that access and update of collected subscriber identifier numbers (e.g., MSISDN, IMSI), codes, or tokens, also can be implemented through network-based white list database(s), via at least in part network signaling 1025. It is to be noted that query 1015 can be conveyed via an online GUI (e.g., interface component 935); an email message; a SMS communication; a MMS communication; USSD (or * and # codes) messaging; a voice mail, in order to utilize recognition as a security layer prior to grant access to femto AP coverage; a web prompt; or the like.

An illustrative, non-limiting advantage of example system 1000 is that it provides an enhanced end user experience with a direct, clear mechanism to add new mobile device identifiers in white list(s), and thus encourages use of the femto access point 130, and avoids time spent on edition of white list(s) through a networked interface (e.g., interface component 210) like an online interface which typically takes time, a minimum degree of technological savvy, for the end user to access to the Internet and log on in a secured interface, for example.

It should be appreciated that substantially any wireless device within coverage area of femto AP 130 (e.g., area 125) can request access without intervention of a subscriber that operates femto AP 130, and who has previously entered a set of subscriber station numbers (e.g., MSISDNs, IMSIs), codes or tokens, via a networked interface (e.g., interface component 935), for example. Alternatively, or in addition, a request for access (e.g., query 1015) can be prompted by a device utilized by a subscriber that operates the femto AP. Further a request for access can be effected by the femto AP, through an access management component like component 955, for example. When a request is granted, a secure tunnel can be established from the device/client through the femto cell's internet protocol (IP) connection or the default connection of a radio access network (RAN) if the IP connection is not available. Secure layers including utilization of the femto cell's virtual private network (VPN) and/or USSD messaging would ensure that the transaction related to edition or manipulation of white list(s) 943, or white list profile(s) 945, is in fact secure. In an aspect, a security component within access management component can facilitate at least in part the secure communication.

As an example, a temporary visitor (e.g., a relative on vacation) or employee (e.g., a babysitter) who is coming over to a location served by a femto access point (e.g., femto AP 130) for a limited period of time, can be provided with coverage via the femto AP by a subscriber that operates the femto cell so the employee can perform, at least in part, his work activities (e.g., provide updates on behavior of children, be contacted reliably through a mobile device . . . ) through utilization of the femto access point. In case the subscriber fails to know identifier numbers (e.g., MSISDNs, IMSIs), codes, or tokens for mobile devices the employee can utilize, and the subscriber is not interested to go through the process of requesting and entering the numbers (e.g., MSISDNs, IMSIs), codes or tokens via a networked interface (e.g., interface component 935) to allow coverage for the limited period of time the employee performs work, the employee (e.g., babysitter) can convey a request (e.g., query 1015) for access to femto coverage directly from the employee's device when in range of the femto access point (e.g., within area 125).

FIG. 11 is a block diagram of an example system 1100 that facilitates automatic population of access list(s) (e.g., white list(s) or black list(s)) and generation of white list profile(s) in accordance with aspects described herein. In example system 1100, a subscriber 1105 who utilizes account device(s) 1115, can provision femto AP 130 and associate account device(s) 1115 with a service account via networked interface component 935 (e.g., an online account management system) which can look up into substantially all subscriber station(s) identifier numbers (e.g., MSISDNs), codes or tokens associated with the service account, and automatically populate access list(s) (e.g., white list(s) 348 or black list(s) 351) with the extracted subscriber station(s) numbers, codes or tokens. Account device(s) 1115 is part of a subscriber's service account, which can be an account for femto service, and/or macro service, wherein one or more account consumers are billed in accordance to the same billing scheme (e.g., voice and data rating, price point(s) for add-on applications, price point(s) for store on-the-cloud . . . ). As an example, the set of account devices 1115 can include handsets and phone numbers (e.g., an international mobile subscriber identity (IMSI) number) that identify the handsets, or cards for wireless service (e.g., subscriber identity module (SIM) cards). It is noted that subscriber 1105 can generally access the 10-digit mobile subscriber identification number provided by a network operator, rather than full-length identifier numbers (e.g., identifier field attributes) for account device(s) 1115.

Subscriber 1105, via interface component 935, can remove or add subscriber station(s) numbers (e.g., MSISDNs, IMSIs), codes, or tokens, extant in pre-populated white list(s) 232; additional edits can be performed as well, based at least in part on the complexity of white list(s) 232 and desired access privileges to femto coverage, provided by femto AP 130, that are to be conferred to whitelisted (e.g., included in white list(s) 232) mobile devices as dictated by white list profile(s) 234. In an aspect, to pre-set white list(s) 348, networked interface component 935 access information stored in subscriber database 240 through network 750 which can include information technology systems of a service provider, and data storage related to service network(s) (e.g., internet protocol (IP) multimedia subsystem (IMS)) that provide services to a mobile network platform administered by the service provider. Subscribers that present election flags that decline inclusion in white list(s) are not provided for subscriber 1105 to browse. Additionally, to further ensure privacy, partial identifiers in conjunction with a selector component (not shown) can be provided to subscriber 1105 to provide access field indication(s) (e.g., identifier attribute fields) associated with mobile device that opted in to access list management component 210. As discussed above, white list(s) 348 and white list profile(s) 234 are conveyed through network 950 via network link(s) 947 to femto access point 130 and retained therein; communication platform 255 receives white list(s) 220, and access management component 955 stores access list(s) (e.g., white list(s) 943 or black list(s) 941) and white list profile(s) 945 in data storage 959.

Interface component 935 can prompt, or query, subscriber 1105 in connection with establishment of access list(s), e.g., white list(s) or black list(s), and receive responses associated thereto. Prompt(s) can be generated by field generation component 938, or a provisioning server (not shown) associated with access list management component 210. In an aspect, prompts are directed to collection of subscriber preferences in connection with configuration of access list(s) (e.g., white list(s) or black list(s)) for the set of account devices 1115 and identifier attribute fields thereof that can be provided by subscriber 1105. Field generation component 938 also can prompt subscriber 1105 to provide content(s), e.g., parameter(s), for attribute field(s) that determine characteristics of service (e.g., temporary access, permanent access, specific services . . . ) to be provided to account device(s) 1115 entered in an access list (e.g., white list(s) 348).

Illustrative advantages provided by example system 1100 are (a) reduced femto cell provisioning lead time, and (b) immediate utilization of a femto cell with mobile numbers that belong to a same service account, with the ensuing billing simplifications (e.g., bundle pricing, voice credits reutilization or transfer among whitelisted (e.g., committed to a white list(s)) numbers, etc.); operation monitoring capabilities (e.g., a parent can monitor usage of voice and data services through femto AP 130 of a child) which can be set through parameter(s) in white list profile(s) such as white list profile(s) 234; enhanced indoor wireless coverage; and so forth; whether subscribers of such numbers subscribe to the femto cell or a feature application, or code, that delivers a femto cell service.

It is noted that in example system 1100 a processor (not shown) can confer at least in part the described functionality of the various components or platform(s) in the example system 1100, and component therein, included aforementioned systems. The processor can be configured to execute, and execute, code instructions stored in a memory (not shown), or a memory component thereon, to provide at least a portion of the described functionality. It should be appreciated that the processor can be a centralized element or be distributed among the various referenced systems, component, networks, and platform.

FIG. 12 is a block diagram of an example system 1200 that tracks subscriber station identifier attribute fields (e.g., MSISDNs, IMSIs), codes or tokens, associated with access list(s) (e.g., white list(s) or black list(s)) on record with a femto service provider in accordance with aspects of the subject innovation. When a subscriber (e.g., subscriber 1105), or end user, that operates mobile device(s) 1210 cancels an account or subscription with a wireless service provider or changes an identifier number, code, or token, associated with mobile device(s) 1210 and that serves as an identifier attribute field in white list(s), the subscriber can convey a request 1215 via mobile device(s) 1210 to remove the identifier number thereof from substantially all, or all, white list(s) 232 on record in a subscriber database 1230 or substantially any other database available to a service provider that contains information on service subscribers. It should be appreciated that request(s) 1215 can be conveyed as signaling in a control channel or management frame for control communication with femto access point 130. In an aspect, access management component 955 can convey an indication to a mobile wireless platform (e.g., a core network), via backhaul pipe 140, to update white lists (e.g., white list(s) 232) associated with a subscriber linked to device(s) 1210 in accordance to request(s) 1615. It is noted that local records of white list(s) 220 are also updated as a result of request 1215; local update takes place in all femto APs that include white list(s) that comprise mobile device 1210 identifier number that is cancelled.

Additionally, or alternatively, when an end user changes mobile or subscriber station number, code or token, (e.g., after relocation to a new area code, or the like), request(s) 1215 can be delivered to femto access point 130 to automatically update substantially all, or all, white list(s) 232 on record that include mobile device 1210 identifier number, code, or token. Access management component 955 can deliver signaling via backhaul pipe 140 to a mobile network platform to update white list(s) 1220 records in subscriber database 230. It is noted that local records of white list(s) 943 in all femto APs that include white list(s) that comprise mobile device 1210 identifier number that is updated.

An illustrative advantage of such on-request automatic update of white list(s) 232, and local white list(s) 943, is ease of use for end users to maintain current white lists at the network level and local, e.g., femto AP 130, level without a need to track each of the end user's subscriber station number, code, or token associated with the white list(s) 232. In addition, updated white list(s) 232 and white list(s) 943 maintain the value proposition of the femto cells for end users and service operator by a seamless move of traffic off of the macro network (e.g., a WAN) to femto network(s).

In view of the example systems described above, example methodologies that can be implemented in accordance with the disclosed subject matter can be better appreciated with reference to flowcharts in FIG. 13-22. For purposes of simplicity of explanation, the example methodologies, or methods, are presented and described as a series of acts; however, it is to be understood and appreciated that the claimed subject matter is not limited by the order of acts, as some acts may occur in different orders and/or concurrently with other acts from that shown and described herein. For example, it should be understood and appreciated that a methodology, or method, could alternatively be represented as a series of interrelated states or events, such as in a state diagram, or interaction diagram. Moreover, not all illustrated acts may be required to implement a methodology in accordance with the subject specification. Additionally, it is noted that two or more methodologies, or methods, described herein can be enacted in conjunction. Furthermore, it should be further appreciated that the methodologies, or methods, disclosed hereinafter and throughout this specification are capable of being stored on an article of manufacture to facilitate transporting and transferring such methodologies, or methods, to computers for execution by a processor or for storage in a memory.

FIG. 13 is a flowchart of an example method 1300 for updating an access list (e.g., a white list or black list) and a white list profile according to aspects described herein. The subject example method 1300 can be enacted by a component within a mobile network platform (e.g., a core network in cellular technologies such as 3GPP UMTS, 3GPP Long Term Evolution (LTE), 3rd Generation Partnership Project 2 (3GPP2) Ultra-Mobile Broadband (UMB)). At act 1310 a default access list and default white list profile are configured. Configuration of an access list can include populating a set of access fields and committing the access list (e.g., a white list or a black list) to memory (e.g., a subscriber database). Default access field values for a white list can include a single field that identifies a mobile device for a subscriber that provisioned a femto access point for which the white list is intended. For a black list, default access field values can include a NULL descriptor and thus no mobile device is explicitly denied access to a femto access point. With respect to a default white list profile, each mobile station associated with an access field that identifies the mobile station in a white list related to the default white list profile is allowed full access to femto service or coverage; the full access dictated by a service plan acquired by a subscriber for which the femto AP is provisioned.

At act 1320, a set of access field indications associated to a set of mobile devices is received, each field indication in the received set of field indication is intended for at least one of an access list or a white list profile. The set of access field indications can convey at least in part a set of identifiers, or identification numbers, for each mobile device in the set of mobile devices; the identifiers include MSISDNs, IMSI numbers, or codes or tokens that uniquely identify a mobile device at the hardware level, such as ESN, IMEI, MEID or the like. In addition, access field indications can convey access field values that establish access privileges to femto coverage; privileges can include type of service, time span of coverage, technologies allowed to be employed within coverage area, etc. More particularly, access fields that determine coverage privileges can determine at least one of time intervals for an identified mobile device to access femto coverage; privileges to access voice and data services provided through a provisioned access point that utilizes access list(s) to provide coverage, wherein the privileges dictate degree of access to a service such as QoS profile (e.g., best effort or guaranteed quality of service); allocated bandwidth; preemption profile or relative priority of access to service (e.g., video streaming, sound streaming, voice . . . ) for various mobile devices in a white list, emergency calls are not preempted; or the like.

At act 1330, the received set of access field identifications is validated and at least one of an access list or a white list profile are updated with one or more valid access fields indicated in the received set of access field indications. In an aspect, validation includes at least one of verifying a mobile device associated with a field that identifies the mobile device is flagged to opt in for inclusion in femto access service, or identifying commercial standing (e.g., outstanding bill payments, hotlined mobile device, stolen device) of the mobile device associated with the one identifier allows the one identifier to be entered in a white list.

At act 1340, the updated at least one of an access list (e.g., a white list or a black list) or white list profile is conveyed. In an aspect, the access control list or white list profile are conveyed to a provisioned femto access point. At act 1350, the updated at least one of an access list (e.g., a white list or a black list) or white list profile is retained. The access control list or white list profile can be retained in a subscriber database or in data storage, which can be associated with at least one of a network platform that provides telecommunication service(s) (e.g., femto or macro coverage) or one or more disparate networks linked to the network that provides telecommunication service(s). Data storage can be localized within a single network or distributed among various networks.

FIGS. 14A and 14B present, respectively, flowcharts of example methods 1400 and 1450 for updating an access list and a white list profile according to aspect of the subject innovation. The subject example methods can be enacted by a component (e.g., access list management component 210) within a mobile network platform. It should be appreciated that example methods 1400 and 1450 can be enacted concurrently when a white list and a white list profile are merged into a single component or entity in memory. At act 1405 it is checked whether an access list exists. In the negative case a default access list is configured at act 1410 and flow is directed to act 1415, which is enacted when the outcome of act 1405 is positive and probes whether an existing access list is formatted for storage. In an aspect, format for storage of an access list can include various representations such as binary format, wavelet compressed format, indexed representation, or the like. Such storage formats are advantageous particularly when access lists (e.g., white lists) for several (10⁴-10⁶) femto access points are aggregated or cross-linked as a result of sharing access lists. When outcome of act 1415 is positive, the access list is restored and flow is directed to act 1425. Conversely, at act 1425, based at least on a received directive (e.g., signaling 925) to configure access list, at least one of add an access field to the access field list or remove an access field from the access list. It should be appreciated that addition or removal of an access field in an access field can be dynamic in that memory is dynamically allocated upon addition and dynamically deallocated upon removal of an access field. Alternatively, field content(s) can be added to or removed from a static memory allocation for the access list. At act 1435, it is checked if access list configuration is to be continued. In the affirmative outcome, flow is directed to act 1425. Conversely, flow is directed to act 1440 in which the access list is reformatted for storage; for instant, the updated list is aggregated with a set of access lists and recompressed.

With respect to FIG. 14B, in example method 1450 in connection with white list profile update, at act 1455 it is checked whether a white list profile exists. In the negative case a default white list profile is configured at act 1460 and flow is directed to act 1465, which is enacted when the outcome of act 1455 is positive and probes whether an existing white list profile is formatted for storage. In an aspect, format for storage of an access list can include various representations such as binary format, wavelet compressed format, indexed representation, or the like. Such storage formats are advantageous particularly when access lists (e.g., white lists) for several (10⁴-10⁶) femto access points are aggregated or cross-linked as a result of sharing access lists.

When outcome of act 1415 is positive, the access list is restored and flow is directed to act 1425. Conversely, at act 1425, based at least on a received directive (e.g., signaling 925) to configure access list, at least one of add an access field to the access field list or remove an access field from the access list. It should be appreciated that addition or removal of an access field in an access field can be dynamic in that memory is dynamically allocated upon addition and dynamically deallocated upon removal of an access field. Alternatively, field content(s) can be added to or removed from a static memory allocation for the access list. At act 1480, it is checked if white list profile configuration is to be continued. In the affirmative outcome, flow is directed to act 1475. Conversely, flow is directed to act 1485 in which the access list is reformatted for storage; for instant, the updated list is aggregated with a set of access lists and recompressed. In an aspect, a format component (e.g., format component 214) can carry out the reformatting.

FIG. 15 is a flowchart of an example method 1500 for sharing a white list in accordance with aspects disclosed herein. It should be appreciated that while the illustrated example is presented for a white list, a black list or a white list profile can be shared through the same method. At act 1505 a white list is received; the white list is delivered by an originator subscriber that intends to share the white list. At act 1510, it is checked whether an originator subscriber opted to share the white list. An originator subscriber is the subscriber (e.g., subscriber A 210) that is the source of the white list. In the negative case, the method ends at 1515. In the affirmative case, the white list is retained in a secured data storage. In an aspect, contents of the conveyed white list are compatible with privacy policy(ies) related to white list content(s) dissemination. Data storage can be secure in various manners, for example, a security component can provide with a secure copy mechanism that can be utilized through an interface component that facilitates conveying the white list. At 1530 it is evaluated whether the white list is authorized for transfer. In the negative case, flow is directed to act 1560 and a white list transfer is requested and the originator subscriber is informed. In an aspect, originator subscriber is informed via signaling 212. At act 1565, it is checked whether the request is approved. In the negative case, flow is terminated at act 1515. Conversely, flow is directed to act 1535, in which a subscriber intended to receive the white list is prompted for acceptance thereof. In an aspect, the subscribed can be prompted through signaling, e.g., signaling 349, which can be embodied in various types of communication such as SMS communication, MMS communication, email communication, instant message communication, USSD messaging, or the like. At act 1540, it is evaluated whether the intended subscriber accepted the white list. In the negative case, flow is terminated at act 1515. In the affirmative case, white list is transferred from the secured storage location to a femto access point associated with the intended subscriber. At act 1550, data storage records related to the transferred white list are updated. Such data storage records can reside within a mobile network platform that provides wireless service, e.g., within a master database or in a femto network platform gateway node.

FIG. 16 is a flowchart of an example method 1600 for exchanging white list(s) and for forward sharing according to aspects described herein. In an aspect, the subject example method 1600 can be employed in conjunction with example method 1500. In an aspect, this example method 1600 can be enacted through a network component (e.g., access list management component 210). It is noted that the subject example method 1600 also can be employed for black list(s) and white list profile(s), and access fields associated therewith. In act 1610, it is checked whether and originator subscriber for transmission of a white list (e.g., white list(s) 262) has selected reciprocal addition in a white list. Reciprocal addition in a white list comprises accepting and receiving a white list or a device identifier attribute field from the recipient, or intended, subscriber for a white list of the originator subscriber. An originator subscriber is the subscriber (e.g., subscriber A 210) that is the source of the white list. Probing in act 1610 can be effected by accessing privacy policy(ies) records related to the originator subscriber and retained in a subscriber database (e.g., database 325), or any data storage that contains subscriber records associated with privacy settings that determine white list(s) exchange within a mobile network platform (e.g., a core network in cellular technologies). Alternatively, or in addition, originator subscriber can be prompted, e.g., through signaling 612, to elect reciprocal addition. When outcome of act 1610 is negative, example method is terminated. Conversely, a positive outcome leads to act 1620, wherein it is probed whether an intended subscriber account has a provisioned femto access point associated therewith. Probing can be effected by querying a subscriber database, the querying conducted by the component(s) that enact the subject example method. When outcome of act 1620 is negative, example method 1600 is terminated. Conversely, at act 1630, it is checked whether the intended subscriber allows forward sharing. In the negative case, at act 1640, white lists are exchanged among originator subscriber and intended subscriber. In an aspect, exchanging white list(s) can proceed at least in part according to example method 1500. In the positive case, at act 1650, it is probed whether originator subscriber is to add a mobile device identifier attribute field of the intended subscriber in a white list of the originator subscriber. When outcome of act 1650 is positive, a mobile device identifier linked to the intended subscriber is included in a white list configured by the originator subscriber at act 1660. At act 1670, prompting the intended subscriber to reciprocate inclusion of the mobile device identifier in the white list configured by the originator subscriber as a part of a provisioning procedure of a femto access point; the femto access point provisioned by the intended subscriber. In an aspect, the intended subscriber reciprocates inclusion of one or more mobile device identifiers from the white list configured by the originator subscriber in another white list configured by the intended subscriber. At act 1680, including a mobile device identifier linked to the originator subscriber in a white list configured by the intended subscriber. In an aspect, the inclusion of the mobile device identifier linked to the originator subscriber in a white list configured by the intended subscriber originates in response to the prompt to reciprocate served to the intended subscriber.

FIG. 17 presents a flowchart of an example method 1700 for configuring privacy setting(s) that establish at least in part privacy policy(ies) according to aspects described herein. It should be appreciated that while the illustrated example is presented for a white list, a black list or a white list profile can be shared through the same method. In an aspect, the subject method can be enacted through one or more components within a mobile network platform that provides femto access service. At act 1710, an indication is conveyed to prompt a first subscriber associated with a configured white list to elect to share a white list. In an aspect, signaling 212 can be utilized to deliver such indication or prompt. At act 1720 it is checked whether the first subscriber elects to share a white list. Outcome to act 1720 can be assessed through an access list management component that receives signaling, e.g., signaling 249, from a device operated by the subscriber or from a femto access point provisioned to the subscriber. When the outcome of act 1720 is negative, example method 1700 is terminated at act 1725. Conversely, at act 1730, an indication is conveyed to prompt a second subscriber to elect to reciprocate a shared white list with a white list associated with the second subscriber. At act 1740, it is probed whether the second subscriber elects to reciprocate. In the negative, example method is terminated at act 1725. In the affirmative case, at act 1750 it is conveyed an indication to configure a privacy policy for exchange of white lists among the first subscriber and second subscriber. At act 1760, one or more privacy settings are received in response to the indication to configure the privacy policy for exchange of white lists.

FIG. 18 presents a flowchart of an example method 1800 for determining and exploiting network structure of a network of white lists associated with subscriber of femto service and consumer of non-femto service according to aspects described herein. In an aspect, the subject example method 1800 can be enacted by one or more components within a mobile network platform that operates a femto cell network; e.g., access list management component 210 or data mining 215. At act 1810, data is extracted from a set of databases that include intelligence on femto service subscribers with a configured white list, and non-femto service consumers. In an aspect, information related to the second subscriber abides by privacy setting(s) that are part of a privacy policy determined by the femto service subscribers and the non-femto consumers. Databases can reside within one or more networks, mobile or otherwise, that retain data associated with subscribers that are served telecommunication services through a mobile network platform. Databases can be generated through various types of servers, e.g., content servers (e.g., social network website(s), blog(s), content exchange, etc.) or ecommerce servers (e.g., online reservation system for air ticket, hotel reservation, bank transaction(s), or the like) that facilitate exchange of information among subscribers. As an example, a database can be deployed within a local area network of an airline carrier, or a banking institution, or a university campus.

At act 1820, the femto service subscribers with a configured white list in a set of segments are organized in a set of segments in accordance with a set of criteria. The set of criteria can include at least one of type of subscribed femto service (e.g., business, premium, standard, or promotional), type of devices employed for communication, location or marketplace, operational radio frequency bands, and so on. At act 1830, a network of femto service subscribers and non-femto service consumers within one or more segments within the set of segment is identified, and network topology information for the network is extracted. At act 1850, the identified network is exploited to adjust at least one of femto or macro wireless service. In an aspect, when segmentation is based upon subscribed services, non-femto service consumers can be pursued with adequate targeted marketing campaigns, in particular for those non-femto service consumers that are topology nearby a femto service subscriber. At act 1860, the identified network is exploited to commercialize products that are a part of at least one of the macro or femto wireless service.

FIG. 19 is a flowchart of an example method 1900 for aggregating a white-list network through forward sharing of device identifier attribute fields, or device number identifier. At act 1910, a service provider consumer is prompted to elect inclusion of a device identifier number linked therewith in a white list. At act 1920, it is verified whether the prompt was accepted. In the negative case, the subject example method is terminated. In the affirmative case, at act 1930, the service provider consumer that elected to have a device identifier number associated therewith is exposed to femto service subscribers with configured white lists. In an aspect, exposition of the service provider consumer proceeds in accordance with a privacy policy (e.g., privacy policy(ies) 254). At act 1940, records of a white-list network (e.g., records 252) are updated when the exposed service provider consumer is included in one or more white lists of one or more femto service subscribers with configured white lists. At 1950, the white-list network is formatted so as to mitigate exponential growth of storage resources necessary to retain the white-list network records. In an aspect, the white-list network records can be compressed via wavelet-based mechanisms. In another aspect, the white-list network records can be retained in distributed data warehouses. At act 1960, the service provider consumer is prompted to reciprocate inclusion in a white list to femto service subscribers that included the service provider consumer in their configured white lists. It should be appreciated that a positive response to the prompt can be flagged in a femto network platform gateway, or substantially any, or any, other network management component or memory so as to trigger a reciprocity procedure when the service provider consumer configures or provisioned a femto access point. In an aspect, the reciprocity procedure comprising including in one or more device identifier numbers in the one or more white lists of the one or more femto service subscribers.

FIG. 20 presents a flowchart of an example method 2000 for assisted forward sharing according to aspects described herein. In an aspect, the subject method can be enacted through one or more network management components that reside within a mobile network platform. At act 2010, a set of subscribers is included in a white list for femto coverage, and prompted for to accept inclusion. In an aspect, each subscriber in the set of subscribers can be prompted via signaling (e.g., signaling 515). In an aspect, the white list is associated with a business based femto access point, e.g., a café or a bookstore, and the subscribers are consumers of wireless services of a network operator that provides service to the femto access point that host the white list. At act 2020, mutually expose within a virtual application a subset of subscribers in the set of subscribers that accepted inclusion in the white list for femto coverage. In an aspect the virtual application can be downloaded over-the-air to wireless devices of the subset of subscribers served through the femto access point that hosts the white list; prior to downloading the application, an indication to accept or decline the download is conveyed to the wireless devices. Alternatively, or in addition, a privacy policy retained in data storage in a mobile network platform (e.g., a memory in a femto network platform). Exposure within the virtual application can be effected through display of a nickname or codename for respective subscriber in the set of subscribers.

At act 2030, within the subset of subscribers, a first group of subscribers that do not have femto service is prompted to elect to be included in white list(s). In an aspect, it should be appreciated that determination of the group of subscribers can be implemented for those subscribers that allow access to commercial records within databases of the network operator or service provider. At act 2040, within the subset of subscribers, a second group of subscribers who have configured white lists is incented to include one or more subscribers in the first group within one or more white lists. In an aspect, promotion can be accomplished through distribution of add-ons for wireless applications, access to improved service for a predetermined time interval, free music and video-clips, or the like. It should be appreciated that in the subject example method, prompting can be implemented through SMS communication, MMS communication, USSD messaging, instant messaging, email communication, and so forth. Alternatively, or in addition, promoting can be conveyed through low-level signaling instructions, e.g., logic system signaling such as a multi-bit word, a set of reserved bits in control packet or frame, or the like.

FIG. 21 presents a flowchart of an example method 2100 for utilizing an access control list (e.g., a white list or black list) or a white list profile to manage access to femto access point coverage of subscriber stations and subscribers according to aspects described herein. In an aspect, the subject example method can be enacted by a femto access point (e.g., femto AP 130) that exploits the pre-populated white lists. The subject example method 2100 can be utilized with white list(s) or black list(s) and white list profile(s) configured in various manners as described in the subject specification. At act 2110, at least one of an access list or a pre-populated white list profile are received; an access list can include a white list or a black list. In another aspect, a communication platform (e.g., communication platform 357) within the femto access point receives and processes signals that carry the contents of the access list (e.g., white list(s) 343 or black list(s) 341) and a white list profile. At act 2120, the at least one of an access list (e.g., white list(s) 343 or black list(s) 341) or a white list profile (e.g., white list profile(s) 345) are retained. A memory, in the femto access AP can retain a received access list (e.g., a white list or a black list) and received white list profile. At act 2130, access to femto cell coverage is provided (e.g., granted or denied) in accordance with the received at least one of an access list (e.g., white list or black list) or white list profile.

FIG. 22 presents a flowchart of an example method 2200 for managing access of subscribers and subscriber stations to femto cell coverage according to aspects described herein. At act 2210 an access control list, or white list, for a femto cell is configured. In an aspect, the subject example method can be enacted by the femto access point (e.g., femto AP 130) that exploits the pre-populated white lists. In another aspect, configuration can be performed via a networked interface, interactively or automatically based at least in part on operation conditions of the femto cell; e.g., initial provisioning, capturing of wireless devices, responding to request for access, updating extant access control lists, and so forth. At act 2220, access to femto cell coverage is granted according to the configured access control list (e.g., white list, or black list). In another aspect, the configured access control list can possess an associated profile, e.g., white list profile 234, that controls logic for utilization of the access control list, via a set of parameters that determine conditions of access, type of access, etc., as described herein.

FIG. 23 is a block diagram of an example system 2300 that manages a defined logic of how content(s) (e.g., MSISDNs, IMSIs, IMEIs . . . ) in access control list(s), e.g., white list(s) or black list(s), are maintained on a white list profile retained in a database, which can be embodied in data storage 959. Access management component 955, which can comprise an access list (e.g., white list) management component 547 which operates in substantially the same manner as access list management component 810, can develop white list profile(s) 2320 that applies logic and parameters that control, or manage, content (e.g., attribute fields) in white list(s) 2330 such as subscriber station numbers (e.g., MSISDNs, IMSIs, IMEIs . . . ), codes, or tokens. White list profile(s) 2320 and white list(s) 2330 can be stored in data storage 959; it should be appreciated that while data storage 959 is illustrated to reside within femto access point 130, such storage can reside in a network management component (e.g., component 205), or can be functionally coupled thereof.

As described above in connection with example system 800, white list profile(s) 2320 parameters that control utilization logic of white list(s) 2330 content include, without being limited to including: (i) temporary access parameters, e.g., full access for a specific time interval such as days or hours; (ii) parameters that establish access only within a window of time in a day (voice and data allowed from 9:00 a-6:00 p, or voice allowed after 9:00 p which can facilitate billing schemes already established by an operator/service provider); (iii) parameters for access to specific applications such as scheduler, calendar(s), news streaming, authoring tools, gaming, video and music, etc; (iv) parameters for access to femto AP 130 coverage with specific QoS profile(s), band width, allocated power for communication, or the like.

In another aspect, as indicate above, logic within white list profile(s) 2320 can implement parameters to determine how long access to femto coverage is granted. For instance, when a timer associated with temporary access expires, a query 2345 can be triggered or conveyed (e.g., through a wired or wireless link 2335) to either a subscriber that operates a device associated with the managed identifier (e.g., MSISDN, IMSI, IMEI) in order to prompt or request renewed access, or to a subscriber that operates femto access point 130. The message request, e.g., query 2345, can prompt the subscriber that owns femto AP 130 whether an extension is to be granted or not. When a request is not granted by a subscriber that operates femto AP 130 or there is no reply, e.g., acknowledgement 2345, from the subscriber owner, access to femto coverage expires and the identifier (e.g., MSISDN, or substantially any identifier code or token) linked to an identified mobile device is deleted from a corresponding white list(s) 2330 within data storage 359. It should be appreciated that the deletion can be “soft,” e.g., the identifier is flagged as inactive, or “hard,” wherein the identifier is deleted and a field or slot in a white list(s) 2330 is made available. Conversely, a positive response, e.g., acknowledgement (ACK) 2347, from subscriber owner can allow access to continue based on either parameters extant in white list profile(s) 2320, or newly defined or negotiated access logic parameters. It is to be noted that query 1445 can be conveyed via an online GUI, an email message, a SMS message, MMS message, a voice mail, a web prompt, and the like.

To provide further context for various aspects or features of the subject specification, in system in which aspects or features of the subject innovation can be exploited, FIG. 24 illustrates a block diagram of an example embodiment 2400 of a femto access point that can enable and exploit and manage femto coverage via access control list(s), or white list(s), in accordance with aspects described herein. In addition, FIG. 25 illustrates a block diagram of an illustrative telecommunication network 2500 that can enable or implement, and exploit features and aspects described herein. Those skilled in the art will recognize that the specification also be implemented through program modules stored in a memory and executed by a processor, and/or other combination of hardware and software.

With respect to FIG. 24, in embodiment 2400, femto AP 2410 can receive and transmit signal(s) from and to wireless devices like macro and femto access points, access terminals, wireless ports and routers, and the like, through a set of antennas 2469 ₁-2469 _(N). It should be appreciated that while antennas 2469 ₁-2469 _(N) are a part of communication platform 550 which comprises electronic components and associated circuitry that provides for processing and manipulation of received signal(s) and signal(s) to be transmitted. In an aspect, communication platform 357 includes a receiver/transmitter 2466 that can convert signal from analog to digital upon reception, and from digital to analog upon transmission. In addition, receiver/transmitter 2466 can divide a single data stream into multiple, parallel data streams, or perform the reciprocal operation. Coupled to receiver/transmitter 2466 is a multiplexer/demultiplexer 2467 that facilitates manipulation of signal in time and frequency space. Electronic component 2467 can multiplex information (data/traffic and control/signaling) according to various multiplexing schemes such as time division multiplexing (TDM), frequency division multiplexing (FDM), orthogonal frequency division multiplexing (OFDM), code division multiplexing (CDM), space division multiplexing (SDM). In addition, mux/demux component 2467 can scramble and spread information (e.g., codes) according to substantially any code known in the art; e.g., Hadamard-Walsh codes, Baker codes, Kasami codes, polyphase codes, and so on. A modulator/demodulator 2468 is also a part of operational group 2425, and can modulate information according to multiple modulation techniques, such as frequency modulation, amplitude modulation (e.g., M-ary quadrature amplitude modulation (QAM), with M a positive integer), phase-shift keying (PSK), and the like.

Femto acces point 2410 also includes a processor 2435 configured to confer functionality, at least partially, to substantially any electronic component in the femto access point 2410. In particular, processor 2435 can facilitate access management component 545 to operate in accordance to aspects disclosed herein. In addition, processor 2435 can facilitate operations on data (e.g., symbols, bits, or chips) for multiplexing/demultiplexing, such as effecting direct and inverse fast Fourier transforms, selection of modulation rates, selection of data packet formats, inter-packet times, etc. A memory 2455 can store data structures, code instructions, system or device information like policies and specifications, code sequences for scrambling, spreading and pilot transmission, floor plan configuration, access point deployment and frequency plans, scheduling policies, and so on.

In embodiment 2400, processor 2434 is coupled to the memory 2455 in order to store and retrieve information necessary to operate and/or confer functionality to communication platform 550, access management component 545, and other operational aspects of femto access point 2410.

With respect to FIG. 25, wireless communication environment 2500 includes two wireless network platforms: (i) A macro network platform 2510 which serves, or facilitates communication with user equipment 2575 (e.g., mobile 120 _(A)) via a macro radio access network (RAN) 2570. It should be appreciated that in cellular wireless technologies (e.g., 3GPP UMTS, High-Speed Packet Access (HSPA), 3GPP LTE, 3GPP2 UMB), macro network platform 2510 is embodied in a Core Network. (ii) A femto network platform 2580, which can provide communication with UE 2575 through a femto RAN 2590, which is linked to the femto network platform 2580 via backhaul pipe(s) 2585 (e.g., backhaul link(s) 140). It should be appreciated that macro network platform 2510 typically hands off UE 2575 to femto network platform 2510 when UE 2575 attaches (e.g., through macro-to-femto handover) to femto RAN 2590, which includes a set of deployed femto APs (e.g., femto AP 130) that can operate in accordance with aspects described herein.

It is noted that RAN includes base station(s), or access point(s), and its associated electronic circuitry and deployment site(s), in addition to a wireless radio link operated in accordance with the base station(s). Accordingly, macro RAN 2570 can comprise various coverage cells like cell 105, while femto RAN 2590 can comprise multiple femto cell access points such as femto AP 130. Deployment density in femto RAN 2590 is substantially higher than in macro RAN 2570.

Generally, both macro and femto network platforms 2510 and 2580 include components, e.g., nodes, gateways, interfaces, servers, or platforms, that facilitate both packet-switched (PS) (e.g., internet protocol (IP), frame relay, asynchronous transfer mode (ATM)) and circuit-switched (CS) traffic (e.g., voice and data) and control generation for networked wireless communication. In an aspect of the subject innovation, macro network platform 2510 includes CS gateway node(s) 1812 which can interface CS traffic received from legacy networks like telephony network(s) 2540 (e.g., public switched telephone network (PSTN), or public land mobile network (PLMN)) or a SS7 network 2560. Circuit switched gateway 2512 can authorize and authenticate traffic (e.g., voice) arising from such networks. Additionally, CS gateway 2512 can access mobility, or roaming, data generated through SS7 network 2560; for instance, mobility data stored in a VLR, which can reside in memory 2530. Moreover, CS gateway node(s) 2512 interfaces CS-based traffic and signaling and gateway node(s) 2518. As an example, in a 3GPP UMTS network, PS gateway node(s) 2518 can be embodied in gateway GPRS support node(s) (GGSN).

In addition to receiving and processing CS-switched traffic and signaling, PS gateway node(s) 1818 can authorize and authenticate PS-based data sessions with served (e.g., through macro RAN) wireless devices. Data sessions can include traffic exchange with networks external to the macro network platform 2510, like wide area network(s) (WANs) 2550, enterprise networks (NW(s)) 1870 (e.g., enhanced 911), or service NW(s) 2580 like IP multimedia subsystem (IMS); it should be appreciated that local area network(s) (LANs), which may be a part of enterprise NW(s), can also be interfaced with macro network platform 2510 through PS gateway node(s) 2518. Packet-switched gateway node(s) 2518 generates packet data contexts when a data session is established. To that end, in an aspect, PS gateway node(s) 2518 can include a tunnel interface (e.g., tunnel termination gateway (TTG) in 3GPP UMTS network(s); not shown) which can facilitate packetized communication with disparate wireless network(s), such as Wi-Fi networks. It should be further appreciated that the packetized communication can include multiple flows that can be generated through server(s) 2514. It is to be noted that in 3GPP UMTS network(s), PS gateway node(s) 2518 (e.g., GGSN) and tunnel interface (e.g., TTG) comprise a packet data gateway (PDG).

Macro network platform 2510 also includes serving node(s) 2516 that convey the various packetized flows of information, or data streams, received through PS gateway node(s) 2518. As an example, in a 3GPP UMTS network, serving node(s) can be embodied in serving GPRS support node(s) (SGSN).

As indicated above, server(s) 2514 in macro network platform 2510 can execute numerous applications (e.g., location services, online gaming, wireless banking, wireless device management . . . ) that generate multiple disparate packetized data streams or flows, and manage (e.g., schedule, queue, format . . . ) such flows. Such application(s), for example can include add-on features to standard services provided by macro network platform 2510. In an aspect of the subject innovation, one or more of server(s) 2514 can embody an access list management component as described hereinbefore in connection with the various illustrative example systems. Data streams can be conveyed to PS gateway node(s) 2518 for authorization/authentication and initiation of a data session, and to serving node(s) 2516 for communication thereafter. Server(s) 2514 can also effect security (e.g., implement one or more firewalls) of macro network platform 2510 to ensure network's operation and data integrity in addition to authorization and authentication procedures that CS gateway node(s) 2512 and PS gateway node(s) 2518 can enact. Moreover, server(s) 2514 can provision services from external network(s), e.g., WAN 2550, or Global Positioning System (GPS) network(s), which can be a part of enterprise NW(s) 2580. It is to be noted that server(s) 2514 can include one or more processor configured to confer at least in part the functionality of macro network platform 2510. To that end, the one or more processor can execute code instructions stored in memory 2530, for example.

In example wireless environment 2500, memory 2530 stores information related to operation of macro network platform 2510. Information can include business data associated with subscribers; market plans and strategies, e.g., promotional campaigns, business partnerships; operational data for mobile devices served through macro network platform; service and privacy policies; end-user service logs for law enforcement; and so forth. Memory 2530 can also store information from at least one of telephony network(s) 2540, WAN 2550, SS7 network 2560, enterprise NW(s) 2570, or service NW(s) 2580.

Regarding femto network platform 2580, it includes a femto gateway node(s) 2584, which have substantially the same functionality as PS gateway node(s) 2518. Additionally, femto gateway node(s) 2584 can also include substantially all functionality of serving node(s) 2516. Disparate gateway node(s) 2584 can control or operate disparate sets of deployed femto APs, which can be a part of femto RAN 2590. In an aspect of the subject innovation, femto gateway node(s) 2584 can aggregate operational data received from deployed femto APs. Moreover, femto gateway node(s) 2584, can convey received attachment signaling to attachment component 2520. It should be appreciated that while attachment component is illustrated as external to gateway node(s) 2584, attachment component 2520 can be an integral part of gateway node(s) 2584.

Attachment component 2520 can facilitate macro-to-femto and femto-to-macro handover with attachment to a femto AP (e.g., femto AP 130) dictated in accordance to a white list (e.g., white list(s) 250) and/or a white list profile (e.g., white list profile(s) 252). In an aspect, attachment component 2520 can include a determination of whether a white list resides within femto AP and whether a mobile station that is attempting attachment is whitelisted as described in the subject innovation. It is noted, in an aspect, that when a whitelisted mobile station is allowed to attach to the femto AP, attachment component 2520 can establish femto service in accordance with privileges, or access logic, configured in a white list profile (e.g., white list profile(s) 252).

Memory 2586 can retain additional information relevant to operation of the various components of femto network platform 2580. For example operational information that can be stored in memory 2586 can comprise, but is not limited to, subscriber intelligence; contracted services; maintenance and service records; femto cell configuration (e.g., devices served through femto RAN 2590; authorized subscribers associated with one or more deployed femto APs); service policies and specifications; privacy policies; add-on features; so forth.

Server(s) 2582 have substantially the same functionality as described in connection with server(s) 2514. In an aspect, server(s) 2582 can execute multiple application(s) that provide service (e.g., voice and data) to wireless devices served through femto RAN 2590. Server(s) 2582 can also provide security features to femto network platform. In addition, server(s) 2582 can manage (e.g., schedule, queue, format . . . ) substantially all packetized flows (e.g., IP-based, frame relay-based, ATM-based) it generates in addition to data received from macro network platform 2510. Furthermore, server(s) 2582 can effect provisioning of femto cell service, and effect operations and maintenance. It is to be noted that server(s) 2582 can embody provisioning server 345, and can populate white list(s) and white list profile(s) in accordance with aspects described herein. It is to be noted that server(s) 2582 can include one or more processors configured to provide at least in part the functionality of femto network platform 2580. To that end, the one or more processors can execute code instructions stored in memory 2586, for example.

Various aspects or features described herein may be implemented as a method, apparatus, or article of manufacture using standard programming and/or engineering techniques. Implementation(s) that include software or firmware can be implemented at least in part through program modules stored in a memory and executed by a processor. The term “article of manufacture” as used herein is intended to encompass a computer program accessible from any computer-readable device, carrier, or media. For example, computer readable media can include but are not limited to magnetic storage devices (e.g., hard disk, floppy disk, magnetic strips. . . ), optical disks (e.g., compact disc (CD), digital versatile disc (DVD), blu-ray disc (BD) . . . ), smart cards, and flash memory devices (e.g., card, stick, key drive. . . ).

As it employed in the subject specification, the term “processor” can refer to substantially any computing processing unit or device comprising, but not limited to comprising, single-core processors; single-processors with software multithread execution capability; multi-core processors; multi-core processors with software multithread execution capability; multi-core processors with hardware multithread technology; parallel platforms; and parallel platforms with distributed shared memory. Additionally, a processor can refer to an integrated circuit, an application specific integrated circuit (ASIC), a digital signal processor (DSP), a field programmable gate array (FPGA), a programmable logic controller (PLC), a complex programmable logic device (CPLD), a discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. Processors can exploit nano-scale architectures such as, but not limited to, molecular and quantum-dot based transistors, switches and gates, in order to optimize space usage or enhance performance of user equipment. A processor may also be implemented as a combination of computing processing units.

In the subject specification, terms such as “data store,” data storage,” “database,” and substantially any other information storage component relevant to operation and functionality of a component, refer to “memory components,” or entities embodied in a “memory” or components comprising the memory. For example, information relevant to operation of various components described in the disclosed subject matter, and that can be stored in a memory, can comprise, but is not limited to comprising, subscriber information; femto cell configuration (e.g., devices served by a femto AP; access control lists, or white lists) or service policies and specifications; privacy policies; and so forth. It will be appreciated that the memory components described herein can be either volatile memory or nonvolatile memory, or can include both volatile and nonvolatile memory.

By way of illustration, and not limitation, nonvolatile memory can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM), which acts as external cache memory. By way of illustration and not limitation, RAM is available in many forms such as synchronous RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and direct Rambus RAM (DRRAM). Additionally, the disclosed memory components of systems or methods herein are intended to comprise, without being limited to comprising, these and any other suitable types of memory.

What has been described above includes examples of systems and methods that provide advantages of the subject innovation. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the claimed subject matter, but one of ordinary skill in the art may recognize that many further combinations and permutations of the claimed subject matter are possible. Furthermore, to the extent that the terms “includes,” “has,” “possesses,” and the like are used in the detailed description, claims, appendices and drawings such terms are intended to be inclusive in a manner similar to the term “comprising” as “comprising” is interpreted when employed as a transitional word in a claim. 

What is claimed is:
 1. A system, comprising: a data mining component configured to receive subscriber data related to a set of subscribers associated with a set of access control lists; and an access management component configured to determine an association between a subset of the set of subscribers based on an analysis of the subscriber data, and create a hierarchical structure representing a subset of the set of access control lists based on the association.
 2. The system of claim 1, wherein the access management component is further configured to facilitate forward sharing of a device identifier attribute field between a subset of the set of access control lists that is associated with the subset of the set of subscribers.
 3. The system of claim 1, wherein the data mining component is further configured to obtain social interaction data related to the set of subscribers from a social network.
 4. The system of claim 3, wherein the analysis is a first analysis and the access management component is further configured to determine the association based on a second analysis of the social interaction data.
 5. The system of claim 3, wherein the data mining component is further configured to classify the social interaction data into a set of segments in accordance with a set of criteria that is related to social activity, wherein a segment of the set of segments includes a set of networks of femto service subscribers.
 6. The system of claim 5, wherein the data mining component is further configured to classify the social interaction data into the set of segments by utilization of a machine learning model.
 7. The system of claim 1, further comprising: a format component configured to reformat the hierarchical structure to reduce a size of the hierarchical structure.
 8. The system of claim 1, further comprising: a security component configured to receive an authorization from a first subscriber of the set of subscribers, expose an identity associated with a communication device of the first subscriber, and facilitate management of a white list associated with a femto access point of a second subscriber of the set of subscribers.
 9. The system of claim 8, wherein the access management component is further configured to add data associated with the identity to the white list, in response to receipt of the authorization.
 10. The system of claim 9, wherein the identity is a first identity, the communication device is a first communication device, the white list is a second white list, and the femto access point is a second femto access point, and wherein the access management component is further configured to provide a recommendation indicative of a second identity associated with a second communication device of the second subscriber, to facilitate management of a first white list associated with a first femto access point of the first subscriber.
 11. The system of claim 10, wherein the access management component is further configured to add data associated with the second identity to the first white list, based on receipt of a confirmation in response to the recommendation.
 12. A method comprising: analyzing, by a system comprising at least one computer, data related to subscribers associated with access control lists; identifying, by the system, a relationship between a portion of the subscribers, based on the analyzing; and generating, by the system, a hierarchical structure of a portion of the access control lists based on the relationship.
 13. The method of claim 12, wherein the generating includes creating, by the system, a white list tree.
 14. The method of claim 12, further comprising: receiving, by the system, the data from a core-network data store.
 15. The method of claim 12, further comprising: receiving, by the system, the data from a social networking platform.
 16. The method of claim 12, further comprising: forward sharing a device identifier attribute field between the portion of access control lists by utilizing the hierarchical structure.
 17. The method of claim 16, further comprising: implementing, by the system, a privacy policy that enables the subscribers to control the forward sharing.
 18. A computer-readable medium having instructions stored thereon that, in response to execution, cause a system to perform operations, comprising: analyzing data related to a first subscriber and a second subscriber associated with a first access control list and a second access control list respectively; identifying an association between the first subscriber and the second subscriber, based on the analyzing; and generating a hierarchical structure associated with the first access control list and the second access control list as a function of the association.
 19. The computer-readable medium of claim 18, wherein the operations further comprise, recommending addition of a first device identifier attribute field associated with the first subscriber to the second access control list and addition of a second device identifier attribute field associated with the second subscriber to the first access control list.
 20. The computer-readable medium of claim 18, wherein the operations further comprise, receiving the data from a social networking platform. 